CVE-2014-5236

high-risk

Published 2020-01-31

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

Do I need to act?

~

6.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Open-Xchange Appsuite

Affected Vendors

Open-Xchange

References (6)

Third Party Advisory http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversa...

Release Notes http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7....

Third Party Advisory http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded

Third Party Advisory http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversa...

Release Notes http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7....

Third Party Advisory http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded

55

/ 100

high-risk

Severity 26/34 · High

Exploitability 9/34 · Low

Exposure 20/34 · Moderate