Headline
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.
[object Object]
Related news
OX App Suite SSRF / SQL Injection / Cross Site Scripting
OX App Suite suffers from remote SQL injection, server-side request forgery, cross site scripting, improper neutralization, command injection, and exposure of sensitive information vulnerabilities.