Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-29046
Modified
More InfoOfficial Page
Source-security@open-xchange.com
View Known Exploited Vulnerability (KEV) details
Published At-02 Nov, 2023 | 14:15
Updated At-12 Jan, 2024 | 07:15

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>Versions before 7.10.6(exclusive)
cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239:*:*:*:*:*:*
Open-Xchange AG
open-xchange
>>open-xchange_appsuite>>7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE-400Secondarysecurity@open-xchange.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.jsonsecurity@open-xchange.com
N/A
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdfsecurity@open-xchange.com
Release Notes
Vendor Advisory
Change History
0Changes found
Details not found