cvebase

Open-Xchange Appsuite vulnerabilities

146 known vulnerabilities affecting open-xchange/open-xchange_appsuite.

Total CVEs: 146
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 117, LOW 5

Vulnerabilities

Page 2 of 8
CVE-2014-5238 | P3 | HIGH | CVSS 7.8 | ≤ 7.4.1, v7.4.2, +1 more | 2020-01-14
CWE-611: XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
nvd
CVE-2017-17060 | P3 | CRITICAL | CVSS 9.8 | ≤ 7.8.4 | 2019-05-23
CWE-275: OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.
nvd
CVE-2023-26455 | P3 | HIGH | CVSS 7.8 | fixed in 7.10.6, v7.10.6 | 2023-11-02
CWE-287: RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are kno
nvd
CVE-2014-5236 | P3 | HIGH | CVSS 7.5 | ≤ 7.4.1, v7.4.2, +1 more | 2020-01-31
CWE-22: Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.
nvd
CVE-2017-5210 | P3 | CRITICAL | CVSS 9.8 | ≤ 7.8.3 | 2019-05-23
CWE-200: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.
nvd
CVE-2019-14226 | P3 | HIGH | CVSS 8.1 | ≤ 7.10.2 | 2019-10-14
CWE-281: OX App Suite through 7.10.2 has Insecure Permissions.
nvd
CVE-2019-7159 | P3 | HIGH | CVSS 7.5 | ≤ 7.10.1 | 2019-06-18
OX App Suite 7.10.1 and earlier allows Information Exposure.
nvd
CVE-2020-8543 | P3 | HIGH | CVSS 7.5 | v7.8.4, v7.10.1, +2 more | 2020-06-16
CWE-20: OX App Suite through 7.10.3 has Improper Input Validation.
nvd
CVE-2013-5200 | P3 | HIGH | CVSS 7.5 | v7.0.1, v7.0.2, +2 more | 2013-09-25
CWE-287: The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
nvd
CVE-2017-12884 | P3 | HIGH | CVSS 7.5 | ≤ 7.8.4 | 2019-05-10
CWE-200: OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.
nvd
CVE-2014-7871 | P3 | MEDIUM | CVSS 6.5 | ≤ 7.4.2, v7.6.0 | 2014-11-21
CWE-89: SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
nvd
CVE-2017-5211 | P3 | HIGH | CVSS 7.5 | ≤ 7.8.3 | 2019-05-23
CWE-20: Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.
nvd
CVE-2020-28943 | P3 | MEDIUM | CVSS 6.5 | ≤ 7.10.4 | 2021-04-30
CWE-918: OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
nvd
CVE-2019-16716 | P4 | MEDIUM | CVSS 6.6 | ≤ 7.10.2 | 2020-01-06
CWE-276: OX App Suite through 7.10.2 has Incorrect Access Control.
nvd
CVE-2023-41705 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.6.3, fixed in 7.10.6, +3 more | 2024-02-12
CWE-400: Processing of user-defined DAV user-agent strings is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of DAV user-agents now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly available expl
nvd
CVE-2018-12609 | P4 | MEDIUM | CVSS 6.5 | ≤ 7.8.4 | 2019-01-30
CWE-918: OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery.
nvd
CVE-2023-41706 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.6.3, fixed in 7.10.6, +3 more | 2024-02-12
CWE-400: Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited. No publicly avai
nvd
CVE-2023-41707 | P4 | MEDIUM | CVSS 6.5 | fixed in 7.6.3, fixed in 7.10.6, +3 more | 2024-02-12
CWE-400: Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. No publicly avail
nvd
CVE-2021-23927 | P4 | MEDIUM | CVSS 6.4 | ≤ 7.10.4 | 2021-01-12
CWE-918: OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.
nvd
CVE-2016-3174 | P4 | HIGH | CVSS 7.4 | ≤ 7.8.0 | 2016-12-15
CWE-601: An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability
nvd