Vulnerabilities > Open Xchange > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-29048 | OS Command Injection vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. | 8.8 |
| 2024-01-08 | CVE-2023-29051 | Unspecified vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6/8.17 User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. | 8.1 |
| 2023-11-02 | CVE-2023-26452 | SQL Injection vulnerability in Open-Xchange Appsuite Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. | 8.8 |
| 2023-11-02 | CVE-2023-26453 | SQL Injection vulnerability in Open-Xchange Appsuite Requests to cache an image could be abused to include SQL queries that would be executed unchecked. | 8.8 |
| 2023-11-02 | CVE-2023-26454 | SQL Injection vulnerability in Open-Xchange Appsuite Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. | 8.8 |
| 2023-11-02 | CVE-2023-26455 | Improper Authentication vulnerability in Open-Xchange Appsuite RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. | 7.8 |
| 2023-11-02 | CVE-2023-29047 | SQL Injection vulnerability in Open-Xchange Appsuite Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. | 7.3 |
| 2023-08-02 | CVE-2023-26439 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. | 7.8 |
| 2023-08-02 | CVE-2023-26440 | SQL Injection vulnerability in Open-Xchange Appsuite Office 7.8.3 The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. | 7.8 |
| 2023-08-02 | CVE-2023-26451 | Use of Insufficiently Random Values vulnerability in Open-Xchange Appsuite Backend Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. | 7.5 |