Vulnerability Description
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | OX App Suite | <= 7.10.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scrip (Exploit, Third Party Advisory)
- https://seclists.org/fulldisclosure/2021/Nov/43 (Exploit, Mailing List, Third Party Advisory)
- https://www.open-xchange.com (Product)
FAQ
What is CVE-2021-38376?
CVE-2021-38376 is a vulnerability with a CVSS score of 5.3 (MEDIUM). OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
How severe is CVE-2021-38376?
CVE-2021-38376 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-38376?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange OX App Suite.