CVE-2022-24406

MEDIUM

OX App Suite <7.10.6 - SSRF

Title source: llm

Description

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

References (2)

[Product, Vendor Advisory] https://open-xchange.com

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2022/Jul/11

Scores

CVSS v3 6.5

EPSS 0.0025

EPSS Percentile 48.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-330

Status published

Products (1)

open-xchange/ox_app_suite < 7.10.6

Published Jul 27, 2022

Tracked Since Feb 18, 2026