Vulnerability Details : CVE-2022-37312
Potential exploit
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.
Products affected by CVE-2022-37312
- cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6149:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6140:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6137:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6132:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6120:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6111:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6101:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6092:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6084:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6079:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6072:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6068:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6066:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6061:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6060:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6053:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6051:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6046:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6038:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6035:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6034:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6029:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6026:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6020:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6016:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6010:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6008:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6003:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_6000:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5994:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5989:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5982:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5976:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5973:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:patch_release_5961:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.5:-:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:-:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6069:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6073:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6080:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6085:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6093:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6102:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6112:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6121:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6133:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6138:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6141:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6146:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6147:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6148:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite:7.10.6:patch_release_6150:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-37312
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-37312
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-04-14 |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-37312
-
The product does not properly control the allocation and maintenance of a limited resource.Assigned by: nvd@nist.gov (Primary)
-
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2022-37312
-
https://open-xchange.com
Home | Open-XchangeVendor Advisory
-
https://seclists.org/fulldisclosure/2022/Nov/18
Full Disclosure: Open-Xchange Security Advisory 2022-11-24Exploit;Mailing List;Third Party Advisory
Jump to