Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-5756

🗓️ 15 Jun 2018 21:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 76 Views🌐 WEB

The backend in Open-Xchange OX App Suite before 7.8.3-rev44, 7.8.4 before 7.8.4-rev22 allows remote authenticated users to delete arbitrary tasks

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today		OX App Suite 7.8.4 - Multiple Vulnerabilities
13 Jun 201800:00
zdt
CNVD		OX App Suite Improper Privilege Management Vulnerability
13 Jun 201800:00
cnvd
Cvelist		CVE-2018-5756
15 Jun 201821:00
cvelist
Exploit DB		OX App Suite 7.8.4 - Multiple Vulnerabilities
12 Jun 201800:00
exploitdb
EUVD		EUVD-2018-17525
7 Oct 202500:30
euvd
exploitpack		OX App Suite 7.8.4 - Multiple Vulnerabilities
12 Jun 201800:00
exploitpack
NVD		CVE-2018-5756
16 Jun 201801:29
nvd
OpenVAS		Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Jun 2018)
19 Jun 201800:00
openvas
OSV		CVE-2018-5756
16 Jun 201801:29
osv
Packet Storm		OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
8 Jun 201800:00
packetstorm
Rows per page
NVD
Node
open-xchangeopen-xchange_appsuiteRange7.6.3
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev22
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev23
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev24
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev25
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev26
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev28
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev29
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev30
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev31
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev32
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev33
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev35
OR
open-xchangeopen-xchange_appsuiteMatch7.8.0
OR
open-xchangeopen-xchange_appsuiteMatch7.8.2
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev10
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev11
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev12
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev13
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev19
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev21
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev22
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev23
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev24
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev25
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev26
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev27
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev28
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev29
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev30
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev31
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev32
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev33
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev34
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev35
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev36
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev38
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev39
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev40
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev41
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev42
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev43
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev5
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev6
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev8
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev9
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev10
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev11
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev13
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev19
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev21
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev3
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev4
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev5
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev6
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev7
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev8
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev9
ParameterPositionPathDescriptionCWE
actionquery param/api/tasksImproper Privilege Management: permission checks for tasks were incomplete with regards to folder-to-object association.CWE-269
idquery param/api/tasksImproper Privilege Management: permission checks for tasks were incomplete with regards to folder-to-object association.CWE-269
folderIdquery param/api/tasksImproper Privilege Management: permission checks for tasks were incomplete with regards to folder-to-object association.CWE-269
confirmmessagebody/api/calendarImproper Privilege Management: permission checks for appointments were incomplete with regards to folder-to-object association.CWE-269
confirmationbody/api/calendarImproper Privilege Management: permission checks for appointments were incomplete with regards to folder-to-object association.CWE-269
typebody/api/calendarImproper Privilege Management: permission checks for appointments were incomplete with regards to folder-to-object association.CWE-269
mailbody/api/calendarImproper Privilege Management: permission checks for appointments were incomplete with regards to folder-to-object association.CWE-269
actionquery param/api/autoconfigServer-Side Request Forgery (CWE-918) via redirects when looking up external mail account configuration.CWE-918
sessionquery param/ajax/userImproper Privilege Management: permission checks for user attributes could be misused to set/read data beyond permissions.CWE-269
namequery param/ajax/userImproper Privilege Management: permission checks for user attributes could be misused to set/read data beyond permissions.CWE-269
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 02:00Current
5.3Medium risk
Vulners AI Score5.3
CVSS 24
CVSS 34.3
EPSS0.05592
CWE-269
cve-2018-5756open-xchangeox app suitesecurityremote authenticationvulnerability
76