CVE-2023-26456 - OpenCVE

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Open-xchange	Ox Guard

Configuration 1 [-]

OR	cpe:2.3:a:open-xchange:ox_guard::::::::
	cpe:2.3:a:open-xchange:ox_guard:2.10.7:-::::::
	cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev4::::::
	cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev5::::::
	cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev6::::::

References

Link	Resource
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: OX

Published: 2023-11-02T13:01:24.351Z

Updated: 2024-01-12T07:09:35.360Z

Reserved: 2023-02-22T20:42:56.092Z

Link: CVE-2023-26456

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-02T14:15:10.940

Modified: 2024-01-12T08:15:42.977

Link: CVE-2023-26456

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-26456", "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "state": "PUBLISHED", "assignerShortName": "OX", "dateReserved": "2023-02-22T20:42:56.092Z", "datePublished": "2023-11-02T13:01:24.351Z", "dateUpdated": "2024-01-12T07:09:35.360Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["guard"], "product": "OX App Suite", "vendor": "OX Software GmbH", "versions": [{"lessThanOrEqual": "2.10.7-rev6", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.</p>"}], "value": "Users were able to set an arbitrary \"product name\" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981", "shortName": "OX", "dateUpdated": "2024-01-12T07:09:35.360Z"}, "references": [{"tags": ["release-notes"], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"}, {"tags": ["vendor-advisory"], "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"}], "source": {"defect": ["GUARD-440"], "discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open-xchange:ox_guard:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6664DDB-A2AF-4052-B94F-007AA6C39F24", "versionEndExcluding": "2.10.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:ox_guard:2.10.7:-:*:*:*:*:*:*", "matchCriteriaId": "5C7C4678-E325-45CE-BE47-E30E1536642C", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev4:*:*:*:*:*:*", "matchCriteriaId": "0443570E-ABA7-4F23-9B5C-B6FD78D7A318", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev5:*:*:*:*:*:*", "matchCriteriaId": "83773F6B-A937-4194-B194-DA1FDADC7CFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:open-xchange:ox_guard:2.10.7:rev6:*:*:*:*:*:*", "matchCriteriaId": "B5A11B45-E1B5-4C50-B7D0-8BF965103866", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Users were able to set an arbitrary \"product name\" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.\n\n"}, {"lang": "es", "value": "Los usuarios pudieron establecer un \"nombre de producto\" arbitrario para OX Guard. El valor elegido no se sanitizo lo suficiente antes de procesarlo en la interfaz de usuario, lo que permiti\u00f3 ataques indirectos de Cross Site Scripting. Las cuentas que fueron tomadas temporalmente podr\u00edan configurarse para desencadenar la ejecuci\u00f3n de c\u00f3digo persistente, lo que permitir\u00eda a un atacante establecerse. La sanitizaci\u00f3n ya est\u00e1 implementada para los nombres de los productos. No se conocen exploits disponibles p\u00fablicamente."}], "id": "CVE-2023-26456", "lastModified": "2024-01-12T08:15:42.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@open-xchange.com", "type": "Secondary"}]}, "published": "2023-11-02T14:15:10.940", "references": [{"source": "security@open-xchange.com", "url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json"}, {"source": "security@open-xchange.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf"}], "sourceIdentifier": "security@open-xchange.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@open-xchange.com", "type": "Secondary"}]}