Vulnerabilities > Open Xchange > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-29050 | Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6/8.16 The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. | 9.6 |
| 2023-08-02 | CVE-2023-26443 | SQL Injection vulnerability in Open-Xchange Appsuite Backend Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. | 9.8 |
| 2022-10-25 | CVE-2022-29851 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. | 9.8 |