Vulnerabilities > Open Xchange > Open Xchange Appsuite Backend > 8.11.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-02 CVE-2023-26443 SQL Injection vulnerability in Open-Xchange Appsuite Backend
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements.
network
low complexity
open-xchange CWE-89
critical
 9.8
9.8
2023-08-02 CVE-2023-26451 Use of Insufficiently Random Values vulnerability in Open-Xchange Appsuite Backend
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service.
network
low complexity
open-xchange CWE-330
7.5
7.5