Test ID:	1.3.6.1.4.1.25623.1.0.806070
Category:	Web application abuses
Title:	Open-Xchange (OX) App Suite Multiple Vulnerabilities -02 (Oct 2015)
Summary:	Open-Xchange (OX) App Suite is prone to multiple vulnerabilities.
Description:	Summary: Open-Xchange (OX) App Suite is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Crafted OLE Objects within OpenDocument Text files can be used to reference objects with absolute or relative paths. - Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite Vulnerability Impact: Successful exploitation will allow attackers to access or read arbitrary files that contain sensitive information, to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Affected Software/OS: Open-Xchange (OX) App Suite versions before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10. Solution: Update to version 7.4.2-rev10 or 7.6.0-rev10 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5236 http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded Common Vulnerability Exposure (CVE) ID: CVE-2014-5237 Bugtraq: 20140915 Open-Xchange Security Advisory 2014-09-15 (Google Search) http://www.securityfocus.com/archive/1/533443/100/0/threaded
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.