CVE-2023-26439

7.6 HIGH

📋 TL;DR

This SQL injection vulnerability in the cacheservice API allows attackers with local or restricted network access to execute arbitrary SQL queries. This can lead to unauthorized access to cached user data. The vulnerability affects OX App Suite installations with insufficient input sanitization.

💻 Affected Systems

Products:
  • OX App Suite
Versions: before 7.10.6 rev 6230
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires network access to the cacheservice API endpoint

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could extract sensitive cached user data, potentially including authentication tokens, personal information, or application data, leading to full system compromise.

🟠 Likely Case

Unauthorized access to cached session data or user information, potentially enabling privilege escalation or data theft.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to authorized users only.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to the vulnerable endpoint but no authentication

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.10.6 rev 6230

Vendor Advisory: https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json

Restart Required: Yes

Instructions:

1. Download patch release 6230 from Open-Xchange portal.
2. Apply the patch according to OX App Suite update procedures.
3. Restart affected services.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to cacheservice API endpoints to trusted hosts only

iptables -A INPUT -p tcp --dport [cacheservice-port] -s [trusted-network] -j ACCEPT
iptables -A INPUT -p tcp --dport [cacheservice-port] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate cacheservice from untrusted networks
  • Deploy web application firewall with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check OX App Suite version against affected versions list

Check Version:

Check OX App Suite admin interface or configuration files for version information

Verify Fix Applied:

Verify installation of patch release 6230 and test API input validation

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in application logs
  • Multiple failed API calls with SQL syntax in parameters

Network Indicators:

  • Unusual traffic to cacheservice API endpoints
  • SQL keywords in HTTP request parameters

SIEM Query:

source="appsuite.log" AND ("SQL" OR "SELECT" OR "UNION") AND "cacheservice"
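
The keyword query above misses percent-encoded parameters and also fires on ordinary requests that merely contain the word SELECT. The following is an added example, not part of the original advisory or of OX App Suite: it decodes each request parameter, including nested encoding, before checking for SQL syntax, and only looks at cacheservice requests. The "/cacheservice" path marker, the access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumption: path fragment that identifies the cacheservice API in your logs.
CACHESERVICE_MARKER = "/cacheservice"

# SQL syntax that has no business inside a cache key or id parameter.
SQL_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S)),
    ("quote-boolean", re.compile(r"['\"]\s*(or|and)\b", re.I)),
    ("sql-comment", re.compile(r"(--(\s|$)|/\*)")),
    ("stacked-query", re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I)),
]
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2023:10:00:00 +0000] "GET /cacheservice/item?key=user_42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2023:10:00:05 +0000] "GET /cacheservice/item?key=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 87',
    '10.0.0.9 - - [01/Jan/2023:10:00:07 +0000] "GET /cacheservice/item?key=1%2520UNION%2520SELECT%2520data HTTP/1.1" 500 87',
    '10.0.0.7 - - [01/Jan/2023:10:00:09 +0000] "GET /appsuite/api/mail?q=select+all HTTP/1.1" 200 2048',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %2520) so encoded payloads still match."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return [(param, rule), ...] for a cacheservice request carrying SQL syntax."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group("url"))
    if CACHESERVICE_MARKER not in url.path:
        return []
    hits = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)
        hits += [(name, rule) for rule, rx in SQL_PATTERNS if rx.search(value)]
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(scan_line(line), line)
```

Hits combined with 5xx responses from the same source address correspond to the "multiple failed API calls with SQL syntax in parameters" indicator listed above.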
