Open-xchange / Open-xchange Appsuite

12 matches found

added 2020/01/31 10:15 p.m., 140 views

CVE-2014-5236

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

CVSS 7.5, AI score 7.4, EPSS 0.06674
added 2018/06/16 1:29 a.m., 123 views

CVE-2018-5755

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

CVSS 7.1, AI score 5.7, EPSS 0.00616
added 2019/06/18 1:15 p.m., 46 views

CVE-2019-7159

OX App Suite 7.10.1 and earlier allows Information Exposure.

CVSS 7.5, AI score 7.5, EPSS 0.00402
added 2013/09/25 10:31 a.m., 45 views

CVE-2013-5200

The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.

CVSS 7.5, AI score 6, EPSS 0.00514
added 2019/05/10 4:29 p.m., 44 views

CVE-2017-12884

OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.

CVSS 7.5, AI score 7.5, EPSS 0.00386
added 2016/12/15 6:59 a.m., 41 views

CVE-2016-3174

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end u...

CVSS 7.4, AI score 7.3, EPSS 0.00201
added 2019/05/23 3:29 p.m., 39 views

CVE-2017-5211

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

CVSS 7.5, AI score 8, EPSS 0.00289
added 2023/11/02 2:15 p.m., 39 views

CVE-2023-29047

Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible t...

CVSS 7.3, AI score 7.3, EPSS 0.0005
added 2020/06/16 2:15 p.m., 36 views

CVE-2020-8543

OX App Suite through 7.10.3 has Improper Input Validation.

CVSS 7.5, AI score 7.5, EPSS 0.00361
added 2020/01/14 4:15 p.m., 35 views

CVE-2014-5238

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly have other unspecified impact via a crafted OpenDocument Text document.

CVSS 7.8, AI score 7.5, EPSS 0.00903
added 2023/11/02 2:15 p.m., 35 views

CVE-2023-26455

RMI did not require authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items. RMI access is restricted to localhost by default. The interface has been updated to require authenti...

CVSS 7.8, AI score 7.5, EPSS 0.00027
added 2024/02/12 9:15 a.m., 30 views

CVE-2023-41704

Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected into a user's session when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved a...

CVSS 7.1, AI score 6.9, EPSS 0.00295