Vulnerabilities > Open Xchange > Open Xchange Appsuite Office
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-02 | CVE-2023-26439 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. | 7.8 |
| 2023-08-02 | CVE-2023-26440 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. | 7.8 |
| 2023-08-02 | CVE-2023-26441 | Path Traversal vulnerability in Open-Xchange Appsuite Office 7.8.3 Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. | 5.5 |
| 2023-08-02 | CVE-2023-26442 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Office 7.8.3 In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. | 3.2 |