OXAS-ADV-2024-0005

Metadata

Document type: OX App Suite Security Advisory
Publisher: Open-Xchange GmbH
Classification: TLP:GREEN
Publication Date: 2024-07-08
Current version: 2
Version status: Final
Aggregate severity: High

References

Vulnerabilities

CVE-2024-22243: CVE-2024-22243 Spring Framework URL Parsing with Host Validation

CVE reference: CVE-2024-22243open in new window
Internal reference: MWB-2534
CWE: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))
Discovery date: 2024-03-05

Description

A "open redirect" vulnerability has been reported for a version of the Spring Framework which is shipped with OX App Suite.

Product status

Last affected

Products	CVSS-Vector	CVSS Base Score
OX App Suite backend 7.10.6-rev66	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N	8.1
OX App Suite backend 8.24.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N	8.1

Threats

Impact

Please see CVE-2024-22243 "Spring Framework URL Parsing with Host Validation" for more information by the vendor of the affected third-party component.

Exploit status

No publicly available exploits are known.

Remediation

Vendor fix (2024-07-08)

For products

OX App Suite backend 7.10.6-rev67
OX App Suite backend 8.24.8

Please deploy the provided updates and patch releases. The Spring framework shipped with OX App Suite and depending components has been updated as a precaution to avoid exposure to CVE-2024-22243.

# OXAS-ADV-2024-0005

# Metadata

# References

# Vulnerabilities

# CVE-2024-22243: CVE-2024-22243 Spring Framework URL Parsing with Host Validation

# Description

# Product status

# Last affected

# Threats

# Impact

# Exploit status

# Remediation

# Vendor fix (2024-07-08)

# For products