{"id":"CVE-2023-24599","details":"OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka \"ID confusion.\"","modified":"2026-04-10T04:55:52.592027Z","published":"2023-05-29T03:15:09.543Z","references":[{"type":"WEB","url":"https://open-xchange.com"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2023/May/3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open-xchange/appsuite-frontend","events":[{"introduced":"0"},{"fixed":"489e7d0bf2bb0dc4c984860c4ce6f4d772086875"},{"introduced":"0"},{"last_affected":"489e7d0bf2bb0dc4c984860c4ce6f4d772086875"},{"introduced":"0"},{"last_affected":"3bf675812dfb666d3dc1bacfc72ed6ba4f19643f"},{"introduced":"0"},{"last_affected":"cda1b78b8fa8d35a1602003a9d90fddef2461694"},{"introduced":"0"},{"last_affected":"726dba94c43ad95f10aadd3e6ac2bbe4debf4347"},{"introduced":"0"},{"last_affected":"22378bdb996bcf376a5122b6f001c7c7c7b7088b"},{"introduced":"0"},{"last_affected":"3390ea1e54eab7c269d5e5f2e6791f36cf1ebff8"},{"introduced":"0"},{"last_affected":"281ea2f50a7c2c686d66b51e4c8782f6fa5ce75f"},{"introduced":"0"},{"last_affected":"065be8690dd07bd17ab711961085b4350dcbd7e2"},{"introduced":"0"},{"last_affected":"41eee98c698de20700aa45222fdefebc86fee3db"},{"introduced":"0"},{"last_affected":"4703ef3de5fb9e5c9187a33edfba8867561f2fe2"},{"introduced":"0"},{"last_affected":"7bfa5af1d7745d2ec61a8537c56734dc809c2e34"},{"introduced":"0"},{"last_affected":"3e8727d4155bd7aa6c1c45fc73e7bae75d6c7792"},{"introduced":"0"},{"last_affected":"7478627b8aa3e8da77d9ac54788ebb6e163ebbf0"},{"introduced":"0"},{"last_affected":"ea2365c9bde278334ffb54d6b34a1f7ef0a0c884"},{"introduced":"0"},{"last_affected":"021e33ad79d579d1aafd21fde5da27ab133bdfd1"},{"introduced":"0"},{"last_affected":"26b9f421ce109fdc1b0d62eea79ad394e4f46087"},{"introduced":"0"},{"last_affected":"8812d22a3cf1d7865f5e7a73151c0da12094393a"},{"introduced":"0"},{"last_affected":"a77b31dd0452e95f1556ef8e05cf66330a3c2821"},{"introduced":"0"},{"last_affected":"4952e487347f9b7a66aab46b3da5aaea38faf970"},{"introduced":"0"},{"last_affected":"31c26beab22872a14b9ded7908efcae6438be25e"},{"introduced":"0"},{"last_affected":"44346efd29f6f2a5bc2880a95ffbe885c86898f2"},{"introduced":"0"},{"last_affected":"5c4b1282b0c830f6520e36b13db08d8e6e4f5770"},{"introduced":"0"},{"last_affected":"14bae8c27e32a6c2f1a6c1c140c4979d2205a226"},{"introduced":"0"},{"last_affected":"6cb2674122511edacac3cc0c9c21069850191043"},{"introduced":"0"},{"last_affected":"6f3612650ebd6cd57fafa62d644bc503c07e05bf"},{"introduced":"0"},{"last_affected":"722628ce97f9626245edc01f07e7f0b7afb12ae5"},{"introduced":"0"},{"last_affected":"cee97aa8544663baff4c94d38a4234534d00619e"},{"introduced":"0"},{"last_affected":"efe84c3e5c1d116b8de98b33deada8c4d1b14a28"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"7.10.6"},{"introduced":"0"},{"last_affected":"7.10.6-NA"},{"introduced":"0"},{"last_affected":"7.10.6-rev10"},{"introduced":"0"},{"last_affected":"7.10.6-rev11"},{"introduced":"0"},{"last_affected":"7.10.6-rev12"},{"introduced":"0"},{"last_affected":"7.10.6-rev13"},{"introduced":"0"},{"last_affected":"7.10.6-rev14"},{"introduced":"0"},{"last_affected":"7.10.6-rev15"},{"introduced":"0"},{"last_affected":"7.10.6-rev16"},{"introduced":"0"},{"last_affected":"7.10.6-rev17"},{"introduced":"0"},{"last_affected":"7.10.6-rev18"},{"introduced":"0"},{"last_affected":"7.10.6-rev19"},{"introduced":"0"},{"last_affected":"7.10.6-rev20"},{"introduced":"0"},{"last_affected":"7.10.6-rev21"},{"introduced":"0"},{"last_affected":"7.10.6-rev22"},{"introduced":"0"},{"last_affected":"7.10.6-rev23"},{"introduced":"0"},{"last_affected":"7.10.6-rev24"},{"introduced":"0"},{"last_affected":"7.10.6-rev25"},{"introduced":"0"},{"last_affected":"7.10.6-rev26"},{"introduced":"0"},{"last_affected":"7.10.6-rev27"},{"introduced":"0"},{"last_affected":"7.10.6-rev28"},{"introduced":"0"},{"last_affected":"7.10.6-rev29"},{"introduced":"0"},{"last_affected":"7.10.6-rev30"},{"introduced":"0"},{"last_affected":"7.10.6-rev31"},{"introduced":"0"},{"last_affected":"7.10.6-rev32"},{"introduced":"0"},{"last_affected":"7.10.6-rev33"},{"introduced":"0"},{"last_affected":"7.10.6-rev34"},{"introduced":"0"},{"last_affected":"7.10.6-rev35"},{"introduced":"0"},{"last_affected":"7.10.6-rev36"}]}}],"versions":["7.10.0-0","7.10.0-2","7.10.3-0","7.10.4-0","7.10.4-1","7.10.5-0","7.10.5-1","7.10.5-2","7.10.6-0","7.10.6-10","7.10.6-11","7.10.6-12","7.10.6-13","7.10.6-14","7.10.6-15","7.10.6-16","7.10.6-17","7.10.6-18","7.10.6-19","7.10.6-20","7.10.6-21","7.10.6-22","7.10.6-23","7.10.6-24","7.10.6-25","7.10.6-26","7.10.6-27","7.10.6-28","7.10.6-29","7.10.6-30","7.10.6-31","7.10.6-32","7.10.6-33","7.10.6-34","7.10.6-35","7.10.6-36","7.4.1-6","7.6.2-13","7.6.2-16","7.6.2-18","7.6.2-19","7.6.2-22","7.6.2-23","7.6.2-24","7.8.0-10","7.8.0-11","7.8.0-12","7.8.0-19","7.8.0-7","7.8.0-8","7.8.1-10","7.8.1-11","7.8.1-14","7.8.2-14","7.8.2-16","7.8.2-5","7.8.2-6","7.8.2-7","7.8.2-9","7.8.3-10","7.8.3-9","as-next"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev01"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev02"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev03"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev04"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev05"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev06"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev07"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev08"}]},{"events":[{"introduced":"0"},{"last_affected":"7.10.6-rev09"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24599.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}]}