CVE-2020-15002

MEDIUM

OX App Suite <=7.10.3 - Server-Side Request Forgery via Messaging API

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-15002. PoCs published by skr0x1c0.

AI-analyzed exploit summary

Both tracked PoCs are Go-based and were written by skr0x1c0. The first leverages a time-of-check/time-of-use (ToCToU) race in DNS resolution: the URL is validated against one DNS answer, and a large payload delays processing long enough for the lookup made at connect time to return a different address, bypassing the URL validation and yielding an SSRF. The second is a blind variant that exploits missing URL re-validation after an HTTP redirect, which is enough for internal port scanning and reconnaissance.

Description

OX App Suite through 7.10.3 allows SSRF via the /ajax/messaging/message endpoint of the messaging API.

Exploits (2)

Working PoC (nomisec), by skr0x1c0
https://github.com/skr0x1c0/SSRF-CVE-2020-15002

This repository contains a Go-based proof-of-concept exploit for CVE-2020-15002, an SSRF vulnerability in Open-Xchange. The exploit leverages a ToCToU race condition in DNS resolution, combined with a large payload to delay processing, to bypass URL validation and execute SSRF attacks.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Complex
Reliability: Racy
Target: Open-Xchange (versions up to 7.10.3)
Authentication: required
Prerequisites: access to an Open-Xchange instance; valid credentials for that instance; control over the DNS server for a domain
Analyzed by devstral-2 on Feb 16, 2026
Working PoC (nomisec), by skr0x1c0
https://github.com/skr0x1c0/Blind-SSRF-CVE-2020-15002

This repository contains a Go-based proof-of-concept for CVE-2020-15002, a blind SSRF vulnerability in Open-Xchange Documents. The exploit leverages improper URL validation after redirects to perform internal port scanning and reconnaissance.

Classification: Working PoC (95%)
Attack type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Open-Xchange Documents (versions affected by CVE-2020-15002)
Authentication: required
Prerequisites: valid Open-Xchange credentials; network access to the target server; ability to run a redirector server reachable from the target
Analyzed by devstral-2 on Feb 16, 2026
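The two bypasses the PoCs above depend on are validate-then-re-resolve (the DNS ToCToU race) and redirect targets that are never re-validated. The Go program below is an added example written for this page; it is not code from either repository or from OX App Suite. It shows the racy pattern beside a version that resolves once, rejects internal addresses, dials only the vetted address, and refuses redirects. The function names (disallowedIP, pinnedTarget, naiveCheck, newPinnedClient), the constructed rebinding resolver and the addresses it returns are assumptions for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

var ErrBlocked = errors.New("target resolves to a disallowed address")

// Resolver abstracts DNS so the rebinding race can be reproduced offline.
type Resolver func(ctx context.Context, host string) ([]net.IP, error)

// disallowedIP refuses loopback, RFC 1918/ULA private space, link-local (which
// covers 169.254.169.254 metadata), multicast, unspecified and broadcast; the
// net.IP methods see through IPv4-mapped forms such as ::ffff:127.0.0.1.
func disallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsMulticast() || ip.IsUnspecified() ||
		ip.Equal(net.IPv4bcast)
}

// pinnedTarget resolves once, rejects the host if any answer is internal, and
// returns the single address the connection must use, so check and use agree.
func pinnedTarget(ctx context.Context, resolve Resolver, host string) (net.IP, error) {
	ips := []net.IP{net.ParseIP(host)} // literal address: still filtered below
	if ips[0] == nil {
		var err error
		if ips, err = resolve(ctx, host); err != nil {
			return nil, err
		}
	}
	if len(ips) == 0 {
		return nil, fmt.Errorf("no addresses for %q", host)
	}
	for _, ip := range ips {
		if disallowedIP(ip) {
			return nil, ErrBlocked
		}
	}
	return ips[0], nil
}

// naiveCheck is the time-of-check/time-of-use pattern the first PoC races: the
// name is vetted, the vetted address is thrown away, and the HTTP client then
// resolves the same name again, possibly to an internal address.
func naiveCheck(ctx context.Context, resolve Resolver, host string) error {
	_, err := pinnedTarget(ctx, resolve, host) // result discarded
	return err // nil means "go ahead and fetch by hostname"
}

// newPinnedClient builds an http.Client whose dialer connects only to the
// address vetted by pinnedTarget and which refuses to follow redirects: a
// Location header is a new target that would otherwise be fetched without
// re-validation, the gap the blind PoC uses. The URL is left untouched, so the
// Host header and TLS SNI still carry the original name.
func newPinnedClient(ctx context.Context, resolve Resolver, target *url.URL) (*http.Client, error) {
	ip, err := pinnedTarget(ctx, resolve, target.Hostname())
	if err != nil {
		return nil, err
	}
	return &http.Client{
		Transport: &http.Transport{
			// addr arrives as "host:port" from the URL; only the host is replaced.
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				_, port, err := net.SplitHostPort(addr)
				if err != nil {
					return nil, err
				}
				d := &net.Dialer{Timeout: 5 * time.Second}
				return d.DialContext(ctx, network, net.JoinHostPort(ip.String(), port))
			},
		},
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return fmt.Errorf("redirect to %s refused", req.URL.Redacted())
		},
		Timeout: 10 * time.Second, // also bounds the slow-processing lever
	}, nil
}

func main() {
	// Constructed resolver standing in for an attacker-controlled zone: a public
	// address on the first lookup, loopback on every later one.
	calls := 0
	rebind := func(ctx context.Context, host string) ([]net.IP, error) {
		calls++
		if calls == 1 {
			return []net.IP{net.ParseIP("93.184.216.34")}, nil
		}
		return []net.IP{net.ParseIP("127.0.0.1")}, nil
	}
	ctx := context.Background()
	fmt.Println("naive check passes:", naiveCheck(ctx, rebind, "attacker.example") == nil) // true
	later, _ := rebind(ctx, "attacker.example")
	fmt.Println("unpinned client would dial:", later[0]) // 127.0.0.1
	calls = 0
	ip, err := pinnedTarget(ctx, rebind, "attacker.example")
	fmt.Println("pinned client dials:", ip, err) // 93.184.216.34 <nil>
}
```

A service that must follow redirects should not loosen CheckRedirect; it should treat each Location value as a fresh target, run it through pinnedTarget and build a new pinned client for it. Pinning the dial also removes the value of the large-payload delay, since no second lookup happens however long processing takes.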

References (2)

Product: https://www.open-xchange.com/ (refsource: MISC)
Exploit, Mailing List, Third Party Advisory: https://seclists.org/fulldisclosure/2020/Oct/20 (refsource: CONFIRM)

Scores

CVSS v3.1 base score: 5.0 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector: Network; low attack complexity; low privileges required (an authenticated user); no user interaction; changed scope (the server reaches resources beyond the vulnerable component); low confidentiality impact, no integrity or availability impact
EPSS: 0.0924 (9.24% estimated probability of exploitation activity in the next 30 days), percentile 92.8%

Details

CWE
CWE-918
Status published
Products (1)
open-xchange/open-xchange_appsuite <= 7.10.3
Published Oct 23, 2020
Tracked Since Feb 18, 2026