Description
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.open-xchange.com/
Exploit, Mailing List, Third Party Advisory x_refsource_confirm
https://seclists.org/fulldisclosure/2020/Oct/20
Scores
CVSS v3
4.3
EPSS
0.0020
EPSS Percentile
41.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
open-xchange/open-xchange_appsuite
7.10.2
open-xchange/open-xchange_appsuite
7.10.3
Published
Oct 23, 2020
Tracked Since
Feb 18, 2026