VYPR
Unrated severityNVD Advisory· Published Dec 1, 2014· Updated Jun 17, 2026

CVE-2014-5237

CVE-2014-5237

Description

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9
  • cpe:2.3:a:open-xchange:app_suite:7.4.2:rev6:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:open-xchange:app_suite:7.4.2:rev6:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.4.2:rev7:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.4.2:rev8:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.4.2:rev9:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.6.0:rev6:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.6.0:rev7:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.6.0:rev8:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:app_suite:7.6.0:rev9:*:*:*:*:*:*
    • (no CPE)range: <7.4.2-rev10, <7.6.0-rev10

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.