CVE-2023-26452
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.
Se podría abusar de las solicitudes para almacenar en caché una imagen y devolver sus metadatos para incluir consultas SQL que se ejecutarían sin comprobar. Explotar esta vulnerabilidad requiere al menos acceso a redes adyacentes del servicio de conversión de imágenes, que no está expuesto a redes públicas de forma predeterminada. Se podrían ejecutar sentencias SQL Arbitrarias en el contexto de la cuenta de usuario de la base de datos de servicios. Las solicitudes de API ahora se verifican correctamente para detectar contenido válido y los intentos de omitir esta verificación se registran como errores. No se conocen exploits disponibles públicamente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-22 CVE Reserved
- 2023-11-02 CVE Published
- 2023-11-10 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | < 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version " < 7.10.6" | - |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | - |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6069 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6073 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6080 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6085 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6093 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6102 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6112 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6121 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6133 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6138 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6141 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6146 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6147 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6148 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6150 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6156 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6161 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6166 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6173 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6176 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6178 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6189 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6194 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6199 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6204 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6205 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6209 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6210 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6214 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6215 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6216 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6218 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6219 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6220 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6227 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6230 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6233 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6235 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6236 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6239 |
Affected
| ||||||
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | 7.10.6 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.10.6" | patch_release_6241 |
Affected
| ||||||