CVE-2014-5237
CVE-2014-5237 is a medium-severity vulnerability in Open-xchange App Suite with a CVSS 2.0 base score of 4.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.3)
- EPSS exploit prediction: 2% (82nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Open-xchange App Suite
- Published:
- Last modified:
Description
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
Frequently asked questions
- What is CVE-2014-5237?
- Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.
- How severe is CVE-2014-5237?
- CVE-2014-5237 has a CVSS 2.0 base score of 4.3, rated medium severity.
- Is CVE-2014-5237 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (82nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-5237?
- CVE-2014-5237 primarily affects Open-xchange App Suite. In total, 8 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2014-5237?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-5237 published?
- CVE-2014-5237 was published on 2014-12-01 and last updated on 2026-06-17.
References
- http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html
- http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf
- http://www.securityfocus.com/archive/1/533443/100/0/threaded
Affected products (8)
- cpe:2.3:a:open-xchange:app_suite:7.4.2:rev6:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.4.2:rev7:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.4.2:rev8:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.4.2:rev9:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.6.0:rev6:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.6.0:rev7:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.6.0:rev8:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:app_suite:7.6.0:rev9:*:*:*:*:*:*
More vulnerabilities in Open-xchange App Suite
- CVE-2022-23099 — Medium (CVSS 5.4): OX App Suite through 7.10.6 allows XSS by forcing block-wise read.