CVE-2018-13103
Description
OX App Suite 7.8.4 and earlier allows SSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OX App Suite 7.8.4 and earlier is vulnerable to server-side request forgery (SSRF), allowing an attacker to make internal network requests.
Vulnerability
OX App Suite versions 7.8.4 and earlier contain a server-side request forgery (SSRF) vulnerability. The exact vulnerable component is not detailed in the available reference [1], but the issue allows the application to make requests to internal or external resources on behalf of the server.
Exploitation
The available reference does not provide specific exploitation steps. Typically, SSRF exploitation requires an attacker to craft a request that causes the server to make a request to an attacker-controlled or internal resource. No authentication or user interaction details are disclosed in the reference.
Impact
Successful exploitation could allow an attacker to probe internal networks, access internal services, or retrieve sensitive information from internal systems. The exact impact depends on the network configuration and the services accessible from the OX App Suite server.
Mitigation
The vulnerability is fixed in a version later than 7.8.4. Users should upgrade to the latest version of OX App Suite. No workaround is provided in the reference. The CVE was published in 2019, so patches should be available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=7.8.4
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2019/Jan/46mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.