CVE-2022-24405
Description
OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OX App Suite through 7.10.6 is vulnerable to OS command injection via a serialized Java class sent to the Documentconverter API.
Vulnerability
OX App Suite versions through 7.10.6 contain an OS command injection vulnerability in the Documentconverter API. The API deserializes Java objects without proper validation, allowing an attacker to inject arbitrary OS commands via a crafted serialized Java class.
Exploitation
An attacker with network access to the Documentconverter API can send a malicious serialized Java object. The API deserializes the object, triggering execution of embedded OS commands. No authentication is required if the API endpoint is exposed.
Impact
Successful exploitation allows an attacker to execute arbitrary OS commands on the server, leading to full compromise of the OX App Suite instance, including data access, modification, and potential lateral movement.
Mitigation
The vulnerability affects OX App Suite through version 7.10.6. A fix version has not been disclosed in the available references. Users should monitor vendor advisories and apply updates when available. Restricting network access to the Documentconverter API may reduce risk.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- OX/App Suite (description)
- Range: <=7.10.6
Patches
No patches discovered yet.
References
- open-xchange.com (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2022/Jul/11 (mitre, x_refsource_CONFIRM)