CVE-2020-24700

Description

OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. substring.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2020-24700
Base Score: 5.4
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Impact Score: 2.5
Exploitability Score: 2.8

nvd
CVE ID: CVE-2020-24700
Base Score: 5.5
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:S/C:P/I:P/A:N

Refrence: NVD

Description​

Description