OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record.
Weakness
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Open-xchange_appsuite | Open-xchange | * | 7.10.5 (excluding) |
| Open-xchange_appsuite | Open-xchange | 7.10.5 (including) | 7.10.5 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5961 (including) | 7.10.5-patch_release_5961 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5973 (including) | 7.10.5-patch_release_5973 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5976 (including) | 7.10.5-patch_release_5976 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5982 (including) | 7.10.5-patch_release_5982 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5989 (including) | 7.10.5-patch_release_5989 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_5994 (including) | 7.10.5-patch_release_5994 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6000 (including) | 7.10.5-patch_release_6000 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6003 (including) | 7.10.5-patch_release_6003 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6008 (including) | 7.10.5-patch_release_6008 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6010 (including) | 7.10.5-patch_release_6010 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6016 (including) | 7.10.5-patch_release_6016 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6020 (including) | 7.10.5-patch_release_6020 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6026 (including) | 7.10.5-patch_release_6026 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6029 (including) | 7.10.5-patch_release_6029 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6034 (including) | 7.10.5-patch_release_6034 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6035 (including) | 7.10.5-patch_release_6035 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6038 (including) | 7.10.5-patch_release_6038 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6046 (including) | 7.10.5-patch_release_6046 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6051 (including) | 7.10.5-patch_release_6051 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6053 (including) | 7.10.5-patch_release_6053 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6060 (including) | 7.10.5-patch_release_6060 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6061 (including) | 7.10.5-patch_release_6061 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6066 (including) | 7.10.5-patch_release_6066 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6068 (including) | 7.10.5-patch_release_6068 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6072 (including) | 7.10.5-patch_release_6072 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6079 (including) | 7.10.5-patch_release_6079 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6084 (including) | 7.10.5-patch_release_6084 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6092 (including) | 7.10.5-patch_release_6092 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6101 (including) | 7.10.5-patch_release_6101 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6111 (including) | 7.10.5-patch_release_6111 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6120 (including) | 7.10.5-patch_release_6120 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6132 (including) | 7.10.5-patch_release_6132 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6137 (including) | 7.10.5-patch_release_6137 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6140 (including) | 7.10.5-patch_release_6140 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.5-patch_release_6149 (including) | 7.10.5-patch_release_6149 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6 (including) | 7.10.6 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6069 (including) | 7.10.6-patch_release_6069 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6073 (including) | 7.10.6-patch_release_6073 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6080 (including) | 7.10.6-patch_release_6080 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6085 (including) | 7.10.6-patch_release_6085 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6093 (including) | 7.10.6-patch_release_6093 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6102 (including) | 7.10.6-patch_release_6102 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6112 (including) | 7.10.6-patch_release_6112 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6121 (including) | 7.10.6-patch_release_6121 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6133 (including) | 7.10.6-patch_release_6133 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6138 (including) | 7.10.6-patch_release_6138 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6141 (including) | 7.10.6-patch_release_6141 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6146 (including) | 7.10.6-patch_release_6146 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6147 (including) | 7.10.6-patch_release_6147 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6148 (including) | 7.10.6-patch_release_6148 (including) |
| Open-xchange_appsuite | Open-xchange | 7.10.6-patch_release_6150 (including) | 7.10.6-patch_release_6150 (including) |