VYPR

OX App Suite

by Open-Xchange

CVEs (23)

  • CVE-2023-24599MedMay 29, 2023
    risk 0.28cvss 4.3epss 0.01

    OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."

  • CVE-2021-38378MedNov 22, 2021
    risk 0.28cvss 4.3epss 0.01

    OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.

  • CVE-2023-24605MedMay 29, 2023
    risk 0.27cvss 4.2epss 0.00

    OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.

Page 2 of 2