Vulnerabilities > Open Xchange > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-29050 | Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6/8.16 The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. | 9.6 |
| 2023-08-02 | CVE-2023-26443 | SQL Injection vulnerability in Open-Xchange Appsuite Backend Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. | 9.8 |
| 2022-10-25 | CVE-2022-29851 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 9.8 |
| 2022-07-27 | CVE-2022-23100 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | 9.8 |
| 2022-07-27 | CVE-2022-24405 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API. | 9.8 |
| 2020-08-31 | CVE-2020-12645 | Improper Restriction of Excessive Authentication Attempts vulnerability in Open-Xchange Appsuite 7.10.1 OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | 9.8 |
| 2019-06-17 | CVE-2019-7158 | Unspecified vulnerability in Open-Xchange Appsuite OX App Suite 7.10.0 and earlier has Incorrect Access Control. | 9.8 |
| 2019-05-23 | CVE-2017-13667 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | 9.9 |
| 2019-05-23 | CVE-2017-5212 | Improper Access Control vulnerability in Open-Xchange Appsuite 7.8.3 Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | 9.8 |
| 2019-05-23 | CVE-2017-5210 | Information Exposure vulnerability in Open-Xchange Appsuite Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. | 9.8 |