Vulnerabilities > Open Xchange > Open Xchange Appsuite

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-15003 Information Exposure vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
network
low complexity
open-xchange CWE-200
4.0
4.0
2020-10-23 CVE-2020-15002 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
network
low complexity
open-xchange CWE-918
4.0
4.0
2020-08-31 CVE-2020-12646 Cross-site Scripting vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. 		3.5
3.5
2020-08-31 CVE-2020-12645 Improper Input Validation vulnerability in Open-Xchange Appsuite 7.10.1
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
network
low complexity
open-xchange CWE-20
5.0
5.0
2020-08-31 CVE-2020-12644 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
network
low complexity
open-xchange CWE-918
4.0
4.0
2020-08-31 CVE-2020-12643 Incorrect Authorization vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
network
low complexity
open-xchange CWE-863
4.0
4.0
2020-06-16 CVE-2020-8544 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.8.4
OX App Suite through 7.10.3 allows SSRF.
network
low complexity
open-xchange CWE-918
4.0
4.0
2020-06-16 CVE-2020-8543 Resource Exhaustion vulnerability in Open-Xchange Appsuite 7.10.1/7.8.4
OX App Suite through 7.10.3 has Improper Input Validation.
network
low complexity
open-xchange CWE-400
5.0
5.0
2020-06-16 CVE-2020-8542 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3
OX App Suite through 7.10.3 allows XSS. 		3.5
3.5
2020-06-16 CVE-2020-8541 XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3
OX App Suite through 7.10.3 allows XXE attacks.
network
low complexity
open-xchange CWE-611
4.0
4.0