Ox App Suite Security Vulnerabilities - CVSS Score 9 - 10

CVE-2022-23100

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).

CVE-2022-24405

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.

CVE-2022-29851

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

CVE-2023-29050

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory ser...