CVE-2023-29047
Summary
| CVE | CVE-2023-29047 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-11-02 14:15:00 UTC |
| Updated | 2024-01-12 07:15:00 UTC |
| Description | Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Open-xchange | Open-xchange Appsuite | All | All | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | - | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6069 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6073 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6080 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6085 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6093 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6102 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6112 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6121 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6133 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6138 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6141 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6146 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6147 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6148 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6150 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6156 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6161 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6166 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6173 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6176 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6178 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6189 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6194 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6199 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6204 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6205 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6209 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6210 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6214 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6215 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6216 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6218 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6219 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6220 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6227 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6230 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6233 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6235 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6236 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6239 | All | All |
| Application | Open-xchange | Open-xchange Appsuite | 7.10.6 | patch_release_6241 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0004.json | MISC | documentation.open-xchange.com | |
| documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | documentation.open-xchange.com | ||
| software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.... | MISC | software.open-xchange.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.