{"id":"CVE-2022-43698","details":"OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list.","modified":"2026-04-10T04:52:09.468964Z","published":"2023-04-15T02:15:07.183Z","references":[{"type":"WEB","url":"https://open-xchange.com"},{"type":"ADVISORY","url":"https://seclists.org/fulldisclosure/2023/Feb/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open-xchange/appsuite-frontend","events":[{"introduced":"0"},{"fixed":"489e7d0bf2bb0dc4c984860c4ce6f4d772086875"},{"introduced":"0"},{"last_affected":"489e7d0bf2bb0dc4c984860c4ce6f4d772086875"},{"introduced":"0"},{"last_affected":"3bf675812dfb666d3dc1bacfc72ed6ba4f19643f"},{"introduced":"0"},{"last_affected":"cda1b78b8fa8d35a1602003a9d90fddef2461694"},{"introduced":"0"},{"last_affected":"726dba94c43ad95f10aadd3e6ac2bbe4debf4347"},{"introduced":"0"},{"last_affected":"22378bdb996bcf376a5122b6f001c7c7c7b7088b"},{"introduced":"0"},{"last_affected":"3390ea1e54eab7c269d5e5f2e6791f36cf1ebff8"},{"introduced":"0"},{"last_affected":"281ea2f50a7c2c686d66b51e4c8782f6fa5ce75f"},{"introduced":"0"},{"last_affected":"065be8690dd07bd17ab711961085b4350dcbd7e2"},{"introduced":"0"},{"last_affected":"41eee98c698de20700aa45222fdefebc86fee3db"},{"introduced":"0"},{"last_affected":"4703ef3de5fb9e5c9187a33edfba8867561f2fe2"},{"introduced":"0"},{"last_affected":"7bfa5af1d7745d2ec61a8537c56734dc809c2e34"},{"introduced":"0"},{"last_affected":"3e8727d4155bd7aa6c1c45fc73e7bae75d6c7792"},{"introduced":"0"},{"last_affected":"7478627b8aa3e8da77d9ac54788ebb6e163ebbf0"},{"introduced":"0"},{"last_affected":"ea2365c9bde278334ffb54d6b34a1f7ef0a0c884"},{"introduced":"0"},{"last_affected":"021e33ad79d579d1aafd21fde5da27ab133bdfd1"},{"introduced":"0"},{"last_affected":"26b9f421ce109fdc1b0d62eea79ad394e4f46087"},{"introduced":"0"},{"last_affected":"8812d22a3cf1d7865f5e7a73151c0da12094393a"},{"introduced":"0"},{"last_affected":"a77b31dd0452e95f1556ef8e05cf66330a3c2821"},{"introduced":"0"},{"last_affected":"4952e487347f9b7a66aab46b3da5aaea38faf970"},{"introduced":"0"},{"last_affected":"31c26beab22872a14b9ded7908efcae6438be25e"},{"introduced":"0"},{"last_affected":"44346efd29f6f2a5bc2880a95ffbe885c86898f2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.10.6"},{"introduced":"0"},{"last_affected":"7.10.6-NA"},{"introduced":"0"},{"last_affected":"7.10.6-rev10"},{"introduced":"0"},{"last_affected":"7.10.6-rev11"},{"introduced":"0"},{"last_affected":"7.10.6-rev12"},{"introduced":"0"},{"last_affected":"7.10.6-rev13"},{"introduced":"0"},{"last_affected":"7.10.6-rev14"},{"introduced":"0"},{"last_affected":"7.10.6-rev15"},{"introduced":"0"},{"last_affected":"7.10.6-rev16"},{"introduced":"0"},{"last_affected":"7.10.6-rev17"},{"introduced":"0"},{"last_affected":"7.10.6-rev18"},{"introduced":"0"},{"last_affected":"7.10.6-rev19"},{"introduced":"0"},{"last_affected":"7.10.6-rev20"},{"introduced":"0"},{"last_affected":"7.10.6-rev21"},{"introduced":"0"},{"last_affected":"7.10.6-rev22"},{"introduced":"0"},{"last_affected":"7.10.6-rev23"},{"introduced":"0"},{"last_affected":"7.10.6-rev24"},{"introduced":"0"},{"last_affected":"7.10.6-rev25"},{"introduced":"0"},{"last_affected":"7.10.6-rev26"},{"introduced":"0"},{"last_affected":"7.10.6-rev27"},{"introduced":"0"},{"last_affected":"7.10.6-rev28"},{"introduced":"0"},{"last_affected":"7.10.6-rev29"}]}}],"versions":["7.10.0-0","7.10.0-2","7.10.3-0","7.10.4-0","7.10.4-1","7.10.5-0","7.10.5-1","7.10.5-2","7.10.6-0","7.10.6-10","7.10.6-11","7.10.6-12","7.10.6-13","7.10.6-14","7.10.6-15","7.10.6-16","7.10.6-17","7.10.6-18","7.10.6-19","7.10.6-20","7.10.6-21","7.10.6-22","7.10.6-23","7.10.6-24","7.10.6-25","7.10.6-26","7.10.6-27","7.10.6-28","7.10.6-29","7.4.1-6","7.6.2-13","7.6.2-16","7.6.2-18","7.6.2-19","7.6.2-22","7.6.2-23","7.6.2-24","7.8.0-10","7.8.0-11","7.8.0-12","7.8.0-19","7.8.0-7","7.8.0-8","7.8.1-10","7.8.1-11","7.8.1-14","7.8.2-14","7.8.2-16","7.8.2-5","7.8.2-6","7.8.2-7","7.8.2-9","7.8.3-10","7.8.3-9","as-next"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev01"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev02"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev03"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev04"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev05"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev06"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev07"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev08"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev09"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43698.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}