Vulnerabilities > Open Xchange > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2023-26436 | Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. | 8.8 |
| 2021-04-30 | CVE-2020-28944 | Resource Exhaustion vulnerability in Open-Xchange OX Guard OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | 7.5 |
| 2020-06-16 | CVE-2020-8543 | Improper Input Validation vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 has Improper Input Validation. | 7.5 |
| 2020-01-31 | CVE-2014-5236 | Path Traversal vulnerability in Open-Xchange Appsuite Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | 7.5 |
| 2020-01-14 | CVE-2014-5238 | XXE vulnerability in Open-Xchange Appsuite XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | 7.8 |
| 2019-10-14 | CVE-2019-14226 | Improper Preservation of Permissions vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.2 has Insecure Permissions. | 8.1 |
| 2019-08-20 | CVE-2019-11521 | Improper Privilege Management vulnerability in Open-Xchange Appsuite 7.10.1 OX App Suite 7.10.1 allows Content Spoofing. | 8.1 |
| 2019-07-03 | CVE-2018-10986 | Cross-Site Request Forgery (CSRF) vulnerability in Open-Xchange OX Guard 2.8.0 OX Guard 2.8.0 has CSRF. | 8.8 |
| 2019-06-18 | CVE-2019-7159 | Unspecified vulnerability in Open-Xchange Appsuite OX App Suite 7.10.1 and earlier allows Information Exposure. | 7.5 |
| 2019-05-23 | CVE-2017-5211 | Improper Input Validation vulnerability in Open-Xchange Appsuite Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | 7.5 |