CVE-2023-24605
CVSS 3.1 Score 4.2 of 10 (medium)
Details
Published May 29, 2023
Updated: Jan 14, 2025
CWE ID 862
Summary
CVE-2023-24605 is a cybersecurity vulnerability affecting OX App Suite before backend version 7.10.6-rev37. This issue permits unauthorized access to certain endpoints, such as reading data from drives, contact information, and token renaming, without two-factor authentication (2FA) enforcement. This lack of 2FA protection can expose sensitive data and potentially lead to account takeover attacks. Organizations using the affected version of OX App Suite are advised to upgrade to a patched version as soon as possible to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- OX App Suite
Affected Vendors
- Open-xchange