VYPR

Appsuite

by Open-Xchange

CVEs (144)

  • CVE-2017-13667 | Critical | May 23, 2019
    risk 0.64 | cvss 9.9 | epss 0.01

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

  • CVE-2017-5212 | Critical | May 23, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

  • CVE-2017-5210 | Critical | May 23, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.

  • CVE-2017-17060 | Critical | May 23, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

  • CVE-2017-5863 | Critical | May 22, 2019
    risk 0.64 | cvss 9.8 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

  • CVE-2018-5752 | High | Jun 16, 2018
    risk 0.61 | cvss 8.8 | epss 0.08

    The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations…

  • CVE-2023-29048 | High | Jan 8, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and…

  • CVE-2017-8340 | High | May 22, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

  • CVE-2017-6912 | High | May 22, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

  • CVE-2023-29051 | High | Jan 8, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects…

  • CVE-2014-5238 | High | Jan 14, 2020
    risk 0.51 | cvss 7.8 | epss 0.02

    XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

  • CVE-2023-29050 | High | Jan 8, 2024
    risk 0.50 | cvss 7.6 | epss 0.02

    The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load…

  • CVE-2025-30188 | High | Oct 31, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    Malicious or unintentional API requests can be used to add a significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No…

  • CVE-2023-26454 | High | Nov 2, 2023
    risk 0.49 | cvss 7.6 | epss 0.00

    Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL…

  • CVE-2023-26453 | High | Nov 2, 2023
    risk 0.49 | cvss 7.6 | epss 0.00

    Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL…

  • CVE-2023-26452 | High | Nov 2, 2023
    risk 0.49 | cvss 7.6 | epss 0.00

    Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by…

  • CVE-2023-26451 | High | Aug 2, 2023
    risk 0.49 | cvss 7.5 | epss 0.01

    Functions with insufficient randomness were used to generate authorization tokens of the integrated OAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result,…

  • CVE-2023-26439 | High | Aug 2, 2023
    risk 0.49 | cvss 7.6 | epss 0.00

    The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as an SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users…

  • CVE-2014-5236 | High | Jan 31, 2020
    risk 0.49 | cvss 7.5 | epss 0.04

    Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument…

  • CVE-2017-5211 | High | May 23, 2019
    risk 0.49 | cvss 7.5 | epss 0.01

    Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing.

Page 1 of 8