CVE-2023-41706

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-41706
Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf
Configurations

No configuration.

History

16 Feb 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html', 'source': 'security@open-xchange.com'}
  • {'url': 'http://seclists.org/fulldisclosure/2024/Feb/10', 'source': 'security@open-xchange.com'}

14 Feb 2024, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/177130/OX-App-Suite-7.10.6-Cross-Site-Scirpting-Denial-Of-Service.html -

14 Feb 2024, 03:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Feb/10 -

12 Feb 2024, 14:19

Type Values Removed Values Added
Summary
  • (es) Ahora se supervisa el tiempo de procesamiento de las expresiones de búsqueda de unidades y la solicitud relacionada finaliza si se alcanza un umbral de recursos. La disponibilidad de OX App Suite podría verse reducida debido a la alta carga de procesamiento. Implemente las actualizaciones y lanzamientos de parches proporcionados. El procesamiento de expresiones de búsqueda de unidades definidas por el usuario no está limitado. No se conocen exploits disponibles públicamente.

12 Feb 2024, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-02-12 09:15

Updated : 2024-02-16 14:15

NVD link : CVE-2023-41706

Mitre link : CVE-2023-41706

CVE.ORG link : CVE-2023-41706

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption