Vulnerabilities (CVE)

Filtered by vendor: Open-xchange
Total 252 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2023-24600 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.
CVE-2023-26427 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 3.3 LOW
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
CVE-2023-26428 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
CVE-2023-26435 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 5.0 MEDIUM
Manipulated ODT documents could cause the local LibreOffice instance to resolve filesystem and network references. Attackers could discover restricted network topology and services, as well as include local files with the read permissions of the open-xchange system user. This was limited to specific file types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.
CVE-2023-24598 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.
CVE-2022-43697 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.
CVE-2023-26436 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 8.8 HIGH
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is executed when processing the request. A check has been introduced to restrict processing to legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.
CVE-2023-26431 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
IPv4-mapped IPv6 addresses were not recognized as "local" by the code, and a connection attempt was made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight into topology and running services. We now respect possible IPv4-mapped IPv6 addresses when checking whether an address is contained in a deny-list. No publicly available exploits are known.
CVE-2023-26429 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 5.3 MEDIUM
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace characters during the export. No publicly available exploits are known.
CVE-2023-24604 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.
CVE-2023-24601 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree.
CVE-2022-37306 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.
CVE-2023-24599 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
CVE-2023-24603 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.
CVE-2023-24597 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 5.3 MEDIUM
OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing.
CVE-2023-24605 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.2 MEDIUM
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
CVE-2023-24602 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.
CVE-2022-43696 | Vendors (1): Open-xchange | Products (1): Ox App Suite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 6.1 MEDIUM
OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.
CVE-2023-26433 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite Backend | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 4.3 MEDIUM
When adding an external mail account, processing of IMAP "capabilities" responses was not limited to plausible sizes. Attackers with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server responses to a reasonable length/size. No publicly available exploits are known.
CVE-2022-37312 | Vendors (1): Open-xchange | Products (1): Open-xchange Appsuite | Updated: 2024-02-28 | CVSS v2: N/A | CVSS v3: 5.3 MEDIUM
OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet.