製品・ソフトウェアに関する情報

JVN脆弱性詳細

Open-Xchange の OX App Suite におけるクロスサイトスクリプティングの脆弱性

タイトル	Open-Xchange の OX App Suite におけるクロスサイトスクリプティングの脆弱性
概要	Open-Xchange の OX App Suite には、クロスサイトスクリプティングの脆弱性が存在します。
想定される影響	情報を取得される、および情報を改ざんされる可能性があります。
対策	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
公表日	2023年8月30日0:00
登録日	2024年10月18日12:41
最終更新日	2024年10月18日12:41

CVSS3.0 : 警告
スコア	5.4
ベクター	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

影響を受けるシステム

Open-Xchange

OX App Suite 7.10.6

OX App Suite 7.10.6 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-41708	https://www.cve.org/CVERecord?id=CVE-2023-41708
National Vulnerability Database (NVD)
2	CVE-2023-41708	https://nvd.nist.gov/vuln/detail/CVE-2023-41708

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

その他

No	名前	URL
関連文書
1	documentation.open-xchange.com (oxas-adv-2023-0007.json)	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json
2	software.open-xchange.com (Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11)	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf

変更履歴

No	変更内容	変更日
1	[2024年10月18日] 掲載	2024年10月18日11:59

NVD脆弱性情報

CVE-2023-41708

概要	References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known.
公表日	2024年2月12日18:15
登録日	2024年2月13日10:00
最終更新日	2024年11月21日17:21

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::				7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243::::::

構成1	以上	以下	より上	未満
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::				7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243::::::

No	URL	タグ
1	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Vendor Advisory
2	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Vendor Advisory
3	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf	Vendor Advisory
4	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf	Vendor Advisory