CVE-2021-38376

CVE-2021-38376

EPSS 1.4%

OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/165038/OX-App-Suite-7.10.5-Cross-Site-Scripting-Information-Disclosure.html https://seclists.org/fulldisclosure/2021/Nov/43 https://www.open-xchange.com