OX App Suite
by Open-Xchange
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-24599 | Med | 0.28 | 4.3 | 0.01 | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." | ||
| CVE-2021-38378 | Med | 0.28 | 4.3 | 0.01 | Nov 22, 2021 | OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name. | ||
| CVE-2023-24605 | Med | 0.27 | 4.2 | 0.00 | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. |
- risk 0.28cvss 4.3epss 0.01
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."
- risk 0.28cvss 4.3epss 0.01
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.
- risk 0.27cvss 4.2epss 0.00
OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.
Page 2 of 2