Open-xchange Appsuite@7.8.0 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.8.0 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.8.0

8 matches found

CVE•added 2018/06/16 1:29 a.m.•123 views

CVE-2018-5755

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

7.1CVSS5.7AI score0.00616EPSS

CVE•added 2018/06/16 1:29 a.m.•65 views

CVE-2018-5752

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and...

8.8CVSS6.7AI score0.0197EPSS

CVE•added 2018/06/16 1:29 a.m.•63 views

CVE-2018-5753

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.

6.5CVSS6AI score0.01833EPSS

CVE•added 2018/06/16 1:29 a.m.•57 views

CVE-2018-5756

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a de...

4.3CVSS5.3AI score0.01022EPSS

CVE•added 2018/06/16 1:29 a.m.•55 views

CVE-2017-17062

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.

6.5CVSS5.9AI score0.01966EPSS

CVE•added 2018/07/05 8:29 p.m.•54 views

CVE-2018-9997

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page wit...

6.1CVSS6AI score0.00319EPSS

CVE•added 2018/06/16 1:29 a.m.•48 views

CVE-2018-5751

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.

6.5CVSS5.7AI score0.01346EPSS

CVE•added 2018/07/05 8:29 p.m.•30 views

CVE-2018-9998

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.

6.5CVSS6.2AI score0.00396EPSS