CVE-2014-5236 - Vulnerability Details

Vendors	Products
Open-xchange	Open-xchange Appsuite

Link	Providers
http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-31T21:16:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5236", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"}, {"name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"}, {"name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", "refsource": "MISC", "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:48.270Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5236", "datePublished": "2020-01-31T21:16:52", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:48.270Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-09-15T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-01-31T21:16:52 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-5236 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

refsource : MISC (string)

url : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

}

1 : { »

name : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

refsource : MISC (string)

url : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

}

2 : { »

name : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

refsource : MISC (string)

url : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:41:48.270Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-5236 (string)

datePublished : 2020-01-31T21:16:52 (string)

dateReserved : 2014-08-13T00:00:00 (string)

dateUpdated : 2024-08-06T11:41:48.270Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "matchCriteriaId": "567B4139-220A-46A7-B847-616F99A1EA66", "versionEndIncluding": "7.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A708019-6229-4768-994C-5A51B0495CAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:*", "matchCriteriaId": "A4895984-4266-4924-A9C4-4DFEA90AFF79", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:*", "matchCriteriaId": "39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:*", "matchCriteriaId": "72DB60BE-F818-4481-95BD-C0C1A42F2618", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:*", "matchCriteriaId": "0B54DE9D-563C-45A9-BDED-3F216FECF28B", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:*", "matchCriteriaId": "F2A40E87-368E-4815-9988-1153E1866103", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:*", "matchCriteriaId": "E112E77E-C2CC-40D4-A8DC-F1FF76305CA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:*", "matchCriteriaId": "76A099A1-23A0-4F0B-84C4-05C687F24F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:*", "matchCriteriaId": "D0E95BA0-1517-4DAA-93B5-2B84DF4C3074", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:*", "matchCriteriaId": "5F1899F3-6554-4C42-ACA2-4C22993D49DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:*", "matchCriteriaId": "A45F679A-7F4D-49A5-8B95-E588102601F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0A22E01-73E0-4140-8BA1-AB147A9471CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:*", "matchCriteriaId": "91DC49BA-9FF4-4E0F-9723-E8F2970D6835", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:*", "matchCriteriaId": "BB0ABA40-F8EF-4368-98A6-083F0E4528EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:*", "matchCriteriaId": "B9E00E96-8D99-4579-8104-274908F3AAD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:*", "matchCriteriaId": "733FEC4F-0DC2-49DE-8660-449CCE5A7F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:*", "matchCriteriaId": "CFA35536-65FA-4228-9C84-CC69C91B3A3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:*", "matchCriteriaId": "0A6AABD0-D82F-465B-8B73-CA0B8A611DB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:*", "matchCriteriaId": "85511C44-A366-4F62-944B-AEEDB8A6B938", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:*", "matchCriteriaId": "D3AD4BE8-CC1D-4FFA-B890-F565EA555366", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de ruta absoluto en documentconverter en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev10 y versiones 7.6.x anteriores a 7.6.0-rev10, permiten a atacantes remotos leer archivos de aplicaci\u00f3n por medio de un nombre de ruta completo en un (1) objeto OLE o (2) imagen dise\u00f1ada en un archivo de texto OpenDocument."}], "id": "CVE-2014-5236", "lastModified": "2024-11-21T02:11:40.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-31T22:15:10.573", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 567B4139-220A-46A7-B847-616F99A1EA66 (string)

versionEndIncluding : 7.4.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A708019-6229-4768-994C-5A51B0495CAC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision1:*:*:*:*:*:* (string)

matchCriteriaId : A4895984-4266-4924-A9C4-4DFEA90AFF79 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision10:*:*:*:*:*:* (string)

matchCriteriaId : 39A9F45E-5CAB-4BE5-8EAB-9E5ED43B4381 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision2:*:*:*:*:*:* (string)

matchCriteriaId : 72DB60BE-F818-4481-95BD-C0C1A42F2618 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision3:*:*:*:*:*:* (string)

matchCriteriaId : 0B54DE9D-563C-45A9-BDED-3F216FECF28B (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision4:*:*:*:*:*:* (string)

matchCriteriaId : F2A40E87-368E-4815-9988-1153E1866103 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision5:*:*:*:*:*:* (string)

matchCriteriaId : E112E77E-C2CC-40D4-A8DC-F1FF76305CA8 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision6:*:*:*:*:*:* (string)

matchCriteriaId : 76A099A1-23A0-4F0B-84C4-05C687F24F20 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision7:*:*:*:*:*:* (string)

matchCriteriaId : D0E95BA0-1517-4DAA-93B5-2B84DF4C3074 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision8:*:*:*:*:*:* (string)

matchCriteriaId : 5F1899F3-6554-4C42-ACA2-4C22993D49DA (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:revision9:*:*:*:*:*:* (string)

matchCriteriaId : A45F679A-7F4D-49A5-8B95-E588102601F9 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A0A22E01-73E0-4140-8BA1-AB147A9471CD (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision1:*:*:*:*:*:* (string)

matchCriteriaId : 91DC49BA-9FF4-4E0F-9723-E8F2970D6835 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision2:*:*:*:*:*:* (string)

matchCriteriaId : BB0ABA40-F8EF-4368-98A6-083F0E4528EF (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision3:*:*:*:*:*:* (string)

matchCriteriaId : B9E00E96-8D99-4579-8104-274908F3AAD5 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision4:*:*:*:*:*:* (string)

matchCriteriaId : 733FEC4F-0DC2-49DE-8660-449CCE5A7F2F (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision5:*:*:*:*:*:* (string)

matchCriteriaId : CFA35536-65FA-4228-9C84-CC69C91B3A3F (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision6:*:*:*:*:*:* (string)

matchCriteriaId : 0A6AABD0-D82F-465B-8B73-CA0B8A611DB8 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision7:*:*:*:*:*:* (string)

matchCriteriaId : 85511C44-A366-4F62-944B-AEEDB8A6B938 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:revision8:*:*:*:*:*:* (string)

matchCriteriaId : D3AD4BE8-CC1D-4FFA-B890-F565EA555366 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. (string)

}

1 : { »

lang : es (string)

value : Múltiples vulnerabilidades de salto de ruta absoluto en documentconverter en Open-Xchange (OX) AppSuite versiones anteriores a 7.4.2-rev10 y versiones 7.6.x anteriores a 7.6.0-rev10, permiten a atacantes remotos leer archivos de aplicación por medio de un nombre de ruta completo en un (1) objeto OLE o (2) imagen diseñada en un archivo de texto OpenDocument. (string)

}

]

id : CVE-2014-5236 (string)

lastModified : 2024-11-21T02:11:40.067 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-01-31T22:15:10.573 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object