Lucene search
K

5 matches found

OSV
OSV
added 2018/06/16 1:29 a.m.3 views

CVE-2018-5756

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...

4.3CVSS5.9AI score0.05592EPSS
Exploits5References3
NVD
NVD
added 2018/06/16 1:29 a.m.15 views

CVE-2018-5756

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...

4.3CVSS4.5AI score0.05592EPSS
Exploits5References3
CVE
CVE
added 2018/06/15 9:0 p.m.77 views

CVE-2018-5756

The CVE-2018-5756 advisory concerns the Open-Xchange OX App Suite backend. It states that the backend does not properly verify folder-to-object associations, enabling remote authenticated users to delete arbitrary tasks by supplying the task ID in a delete action to api/tasks. Affected are Open-X...

4.3CVSS5.3AI score0.05592EPSS
Exploits5References3Affected Software1
Exploit DB
Exploit DB
added 2018/06/12 12:0 a.m.79 views

OX App Suite 7.8.4 - Multiple Vulnerabilities

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...

8.8CVSS5.7AI score0.08387EPSS
Exploits8
Packet Storm
Packet Storm
added 2018/06/08 12:0 a.m.67 views

OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal

Dear subscribers, we've migrated our public disclosure workflow to full-disclosure and are catching up on publishing recent vulnerabilities through this channel. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange...

0.2AI score0.09234EPSS
Exploits11
Rows per page
Query Builder