{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T19:53:35.444","vulnerabilities":[{"cve":{"id":"CVE-2023-29048","sourceIdentifier":"security@open-xchange.com","published":"2024-01-08T09:15:19.893","lastModified":"2024-11-21T07:56:26.800","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.\n\n"},{"lang":"es","value":"Se podría abusar de un componente para analizar plantillas OXMF para ejecutar comandos arbitrarios del sistema que se ejecutarían como usuario de tiempo de ejecución sin privilegios. Los usuarios y atacantes podrían ejecutar comandos del sistema con privilegios limitados para obtener acceso no autorizado a información confidencial y potencialmente violar la integridad al modificar recursos. El motor de plantillas se ha reconfigurado para denegar la ejecución de comandos dañinos a nivel del sistema. No se conocen exploits disponibles públicamente."}],"metrics":{"cvssMetricV31":[{"source":"security@open-xchange.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@open-xchange.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:*:*:*:*:*:*:*:*","versionEndExcluding":"7.10.6","matchCriteriaId":"5BBF1862-B6FF-4F32-A3C1-59D28BA25F81"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:-:*:*:*:*:*:*","matchCriteriaId":"3A4EAD2E-C3C3-4C79-8C42-375FFE638486"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev01:*:*:*:*:*:*","matchCriteriaId":"39198733-D227-4935-9A60-1026040D262F"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev02:*:*:*:*:*:*","matchCriteriaId":"3C86EE81-8CD4-4131-969A-BDA24B9B48E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev03:*:*:*:*:*:*","matchCriteriaId":"F9E9C869-7DA9-4EFA-B613-82BA127F6CE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev04:*:*:*:*:*:*","matchCriteriaId":"F8FAA329-5893-412B-8349-4DA3023CC76E"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev05:*:*:*:*:*:*","matchCriteriaId":"BB6A57A4-B18D-498D-9A8C-406797A6255C"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev06:*:*:*:*:*:*","matchCriteriaId":"7F0977F0-90B4-48B4-BED6-C218B5CA5E03"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev07:*:*:*:*:*:*","matchCriteriaId":"4D55DE67-8F93-48F3-BE54-D3A065479281"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev08:*:*:*:*:*:*","matchCriteriaId":"D27980B4-B71B-4DA8-B130-F0B5929F8E65"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev09:*:*:*:*:*:*","matchCriteriaId":"DD1709BC-7DEB-4508-B3C3-B20F5FD001A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev10:*:*:*:*:*:*","matchCriteriaId":"08A6BDD5-259E-4DC3-A548-00CD0D459749"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev11:*:*:*:*:*:*","matchCriteriaId":"B8166FF4-77D8-4A12-92E5-615B3DA2E602"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev12:*:*:*:*:*:*","matchCriteriaId":"999F057B-7918-461A-B60C-3BE72E92CDC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev13:*:*:*:*:*:*","matchCriteriaId":"88FD1550-3715-493E-B674-9ECF3DD7A813"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev14:*:*:*:*:*:*","matchCriteriaId":"F31A4949-397F-4D1B-8AEA-AC7B335722F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev15:*:*:*:*:*:*","matchCriteriaId":"D33A91D4-CE21-486D-9469-B09060B8C637"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev16:*:*:*:*:*:*","matchCriteriaId":"5E3E5CD2-7631-4DBE-AB4D-669E82BCCAD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev17:*:*:*:*:*:*","matchCriteriaId":"2BEE0AF0-3D22-4DE7-9E71-A4469D9CA2EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev18:*:*:*:*:*:*","matchCriteriaId":"AAFB199C-1D66-442D-AD7E-414DD339E1D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev19:*:*:*:*:*:*","matchCriteriaId":"26322561-2491-4DC7-B974-0B92B61A5BDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev20:*:*:*:*:*:*","matchCriteriaId":"A6BA6C2B-F2D5-4FF7-B316-C8E99C2B464B"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev21:*:*:*:*:*:*","matchCriteriaId":"733E4A65-821B-4187-AA3A-1ACD3E882C07"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev22:*:*:*:*:*:*","matchCriteriaId":"6B0A0043-33E8-4440-92AC-DDD70EA39535"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev23:*:*:*:*:*:*","matchCriteriaId":"303205CC-8BDE-47EE-A675-9BA19983139A"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev24:*:*:*:*:*:*","matchCriteriaId":"8C088014-47D6-4632-9FB5-2C7B1085B762"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev25:*:*:*:*:*:*","matchCriteriaId":"42CF6057-EB40-4208-9F1E-83213E97987C"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev26:*:*:*:*:*:*","matchCriteriaId":"966BC23E-B8CE-4F98-B3A6-4B620E8808BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev27:*:*:*:*:*:*","matchCriteriaId":"7409CE19-ACC1-4AF4-8C8A-AE2CDBB63D3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev28:*:*:*:*:*:*","matchCriteriaId":"17D71CDE-3111-459B-8520-F62E0D5D2972"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev29:*:*:*:*:*:*","matchCriteriaId":"6D808ED6-F819-4014-BD24-4537D52DDFB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev30:*:*:*:*:*:*","matchCriteriaId":"B3792A91-10E9-42D9-B852-37D369D8364E"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev31:*:*:*:*:*:*","matchCriteriaId":"6F0BFEEF-8B19-4F71-B7F1-2CC94969616F"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev32:*:*:*:*:*:*","matchCriteriaId":"52003F06-9351-49B6-A3C5-A2B6FC0B9F4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev33:*:*:*:*:*:*","matchCriteriaId":"C8786112-32AE-4BA5-8D66-D4E2429D3228"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev34:*:*:*:*:*:*","matchCriteriaId":"3A67F528-0248-4E24-A5AB-2995ED7D2600"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev35:*:*:*:*:*:*","matchCriteriaId":"AE090C73-E093-4BD9-BEFE-634179500A78"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev36:*:*:*:*:*:*","matchCriteriaId":"0A7CF0F7-5DF5-4749-A777-0F9EDCD14EA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev37:*:*:*:*:*:*","matchCriteriaId":"EBE620A7-F071-4412-B0CE-7BCBF3BD7311"},{"vulnerable":true,"criteria":"cpe:2.3:a:open-xchange:ox_app_suite:7.10.6:rev50:*:*:*:*:*:*","matchCriteriaId":"1D7A5899-0795-452E-8B43-75C266AE6B88"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html","source":"security@open-xchange.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/3","source":"security@open-xchange.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json","source":"security@open-xchange.com","tags":["Issue Tracking"]},{"url":"https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf","source":"security@open-xchange.com","tags":["Release Notes"]},{"url":"http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2024/Jan/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0005.json","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6248_7.10.6_2023-09-19.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}}]}