Vulnerability Details CVE-2018-5751
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html
- http://seclists.org/fulldisclosure/2018/Jun/23
- https://www.exploit-db.com/exploits/44881/
- http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html
- http://seclists.org/fulldisclosure/2018/Jun/23
- https://www.exploit-db.com/exploits/44881/
Products affected by CVE-2018-5751
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.20.7
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.3
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:6.22.4
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.0.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.3
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.8.4