5 matches found
CVE-2018-5756
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...
CVE-2018-5756
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...
CVE-2018-5756
The CVE-2018-5756 advisory concerns the Open-Xchange OX App Suite backend. It states that the backend does not properly verify folder-to-object associations, enabling remote authenticated users to delete arbitrary tasks by supplying the task ID in a delete action to api/tasks. Affected are Open-X...
OX App Suite 7.8.4 - Multiple Vulnerabilities
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
Dear subscribers, we've migrated our public disclosure workflow to full-disclosure and are catching up on publishing recent vulnerabilities through this channel. Feel free to join our bug bounty programs open-xchange, dovecot, powerdns at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange...