Vulnerability Description
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Ox App Suite | < 7.10.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Exec (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2024/Jan/3 (Mailing List, Third Party Advisory)
- https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/ox (Issue Tracking)
- https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_ (Release Notes)
FAQ
What is CVE-2023-29048?
CVE-2023-29048 is a vulnerability with a CVSS score of 8.8 (HIGH). A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands wit...
How severe is CVE-2023-29048?
CVE-2023-29048 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-29048?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Ox App Suite.