CVE-2020-12645 Information

Description

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://seclists.org/fulldisclosure/2020/Aug/14

https://www.open-xchange.com/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

CRITICAL
