Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Open-Xchange OX App Suite 代码问题漏洞
Vulnerability Description
Open-Xchange OX App Suite是德国Open-Xchange公司的一个电子邮件及生产力套件客户端软件。 Open-Xchange OX App Suite存在安全漏洞,该漏洞源于IPv4 映射的 IPv6 地址未被代码识别为local地址,攻击者利用该漏洞可以绕过现有的拒绝列表功能。
CVSS Information
N/A
Vulnerability Type
N/A