Classification: TLP:GREEN
Internal reference: MWB-2534
Type: CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev66, OX App Suite backend 8.24.7
First fixed revision: OX App Suite backend 7.10.6-rev67, OX App Suite backend 8.24.8
Discovery date: 2024-03-05
Solution date: 2024-07-08
Disclosure date: 2024-07-08
CVE: CVE-2024-22243
CVSS: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

Details: CVE-2024-22243 Spring Framework URL Parsing with Host Validation. An "open redirect" vulnerability has been reported for a version of the Spring Framework that is shipped with OX App Suite.

Risk: Please see CVE-2024-22243 "Spring Framework URL Parsing with Host Validation" for more information from the vendor of the affected third-party component. No publicly available exploits are known.

Solution: Please deploy the provided updates and patch releases. The Spring Framework shipped with OX App Suite and dependent components has been updated as a precaution to avoid exposure to CVE-2024-22243.