CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

CVE-2014-2392

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs...

Deserialization of untrusted data

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading 1 web-server access logs, 2 web-server Referer logs...

CVE-2014-2392

Open-Xchange App Suite is affected by CVE-2014-2392 (E-Mail autoconfiguration) and CVE-2014-2392 describes that a password is transmitted in a GET parameter. Affected versions include 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13. The underlying issue is information exposure...