製品・ソフトウェアに関する情報

JVN脆弱性詳細

Open-Xchange の OX App Suite における脆弱性

タイトル	Open-Xchange の OX App Suite における脆弱性
概要	Open-Xchange の OX App Suite には、不特定の脆弱性が存在します。
想定される影響	サービス運用妨害 (DoS) 状態にされる可能性があります。
対策	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
公表日	2023年8月30日0:00
登録日	2024年10月18日17:48
最終更新日	2024年10月18日17:48

CVSS3.0 : 警告
スコア	6.5
ベクター	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

影響を受けるシステム

Open-Xchange

OX App Suite 7.10.6 より大きい 8.20 未満

OX App Suite 7.6.3

OX App Suite 7.6.3 より大きい 7.10.6 未満

OX App Suite 7.6.3 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2023-41705	https://www.cve.org/CVERecord?id=CVE-2023-41705
National Vulnerability Database (NVD)
2	CVE-2023-41705	https://nvd.nist.gov/vuln/detail/CVE-2023-41705

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-400	https://cwe.mitre.org/data/definitions/400.html
2	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	名前	URL
関連文書
1	documentation.open-xchange.com (oxas-adv-2023-0007.json)	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json
2	software.open-xchange.com (Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11)	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf

変更履歴

No	変更内容	変更日
1	[2024年10月18日] 掲載	2024年10月18日17:48

NVD脆弱性情報

CVE-2023-41705

概要	Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
公表日	2024年2月12日18:15
登録日	2024年2月13日10:00
最終更新日	2024年11月21日17:21

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::			7.10.6	8.20
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::			7.6.3	7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::				7.6.3

構成1	以上	以下	より上	未満
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6241::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6239::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6236::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6235::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6233::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6230::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6227::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6220::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6219::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6218::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6216::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6215::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6214::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6210::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6209::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6205::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6204::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6199::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6194::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6189::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6178::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6176::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6173::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6166::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6161::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6156::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::			7.10.6	8.20
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6255::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6251::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6250::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6249::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6248::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6245::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6243::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5910::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5637::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5537::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5231::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5165::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_5104::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4895::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4860::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4839::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4789::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4750::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4667::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4552::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4470::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4423::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4133::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_4047::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3991::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3949::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3922::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3875::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3728::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3627::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3569::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3519::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:patch_release_3464::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.3:-::::::
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::			7.6.3	7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite::::::::				7.6.3

No	URL	タグ
1	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Vendor Advisory
2	https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0007.json	Vendor Advisory
3	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf	Release Notes
4	https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6259_7.10.6_2023-12-11.pdf	Release Notes