4 matches found
CVE-2023-24605
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens...
CVE-2023-24600
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls for reading contacts via a move to their own address book...
PT-2023-19700 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37
Description: The issue is related to an information leak in the handling of distribution lists. This leak can result in the partial disclosure of private contacts of another user.
Recommendations: F...
PT-2023-19705 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions prior to 7.10.6-rev37
Description: The issue concerns a lack of size limit checks when downloading data, potentially allowing a crafted iCal feed to provide an unlimited amount of data. This could be exploited, for...