7 matches found
CVE-2023-29048
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
CVE-2023-29048
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
CVE-2023-29051
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users...
CVE-2023-29051
CVE-2023-29051 affects Open-Xchange App Suite. User-defined OXMF templates could access a limited part of the internal Java API, with an ineffective default switch to disable template usage. This could allow unauthorized users to discover and modify application state, including objects tied to ot...
CVE-2023-29048
Open-Xchange App Suite (backend) is affected by CVE-2023-29048, impacting the Open-Xchange App Suite v7.10.x line (example reference cites 7.10.6-rev50). The root cause is a flaw in the OXMF template parser that could be abused to execute arbitrary system commands as the non-privileged runtime us...