Vulnerabilities > Open Xchange

DATE CVE VULNERABILITY TITLE RISK
2020-10-23 CVE-2020-15003 Unspecified vulnerability in Open-Xchange Appsuite 7.10.2/7.10.3
OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
network
low complexity
open-xchange
4.3
4.3
2020-10-23 CVE-2020-15002 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.
network
low complexity
open-xchange CWE-918
5.0
5.0
2020-08-31 CVE-2020-12646 Cross-site Scripting vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
network
low complexity
open-xchange CWE-79
5.4
5.4
2020-08-31 CVE-2020-12645 Improper Restriction of Excessive Authentication Attempts vulnerability in Open-Xchange Appsuite 7.10.1
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
network
low complexity
open-xchange CWE-307
critical
 9.8
9.8
2020-08-31 CVE-2020-12644 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API.
network
low complexity
open-xchange CWE-918
5.0
5.0
2020-08-31 CVE-2020-12643 Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite
OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address.
network
low complexity
open-xchange CWE-639
4.3
4.3
2020-06-16 CVE-2020-8544 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite
OX App Suite through 7.10.3 allows SSRF.
network
low complexity
open-xchange CWE-918
6.5
6.5
2020-06-16 CVE-2020-8543 Improper Input Validation vulnerability in Open-Xchange Appsuite
OX App Suite through 7.10.3 has Improper Input Validation.
network
low complexity
open-xchange CWE-20
7.5
7.5
2020-06-16 CVE-2020-8542 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3
OX App Suite through 7.10.3 allows XSS.
network
low complexity
open-xchange CWE-79
5.4
5.4
2020-06-16 CVE-2020-8541 XXE vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2/7.10.3
OX App Suite through 7.10.3 allows XXE attacks.
network
low complexity
open-xchange CWE-611
6.5
6.5