CVE-2021-28094

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash collisions can occur, due to use of CRC32.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:open-xchange:open-xchange_documents:*:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:-:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision1:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision2:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision3:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision4:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision5:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_documents:7.10.5:revision6:*:*:*:*:*:*

History

21 Nov 2024, 05:59

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html - Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/163569/OX-Documents-7.10.5-Improper-Authorization.html - Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2021/Jul/37 - Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Jul/37 - Mailing List, Third Party Advisory
References () https://www.open-xchange.com - Product () https://www.open-xchange.com - Product

Information

Published : 2021-07-30 14:15

Updated : 2024-11-21 05:59


NVD link : CVE-2021-28094

Mitre link : CVE-2021-28094

CVE.ORG link : CVE-2021-28094


JSON object : View

Products Affected

open-xchange

  • open-xchange_documents
CWE
CWE-326

Inadequate Encryption Strength