Vulnerabilities > Open Xchange > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-20 | CVE-2023-26436 | Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. | 8.8 |
| 2020-01-06 | CVE-2019-16716 | Incorrect Default Permissions vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.2 has Incorrect Access Control. | 8.5 |
| 2019-06-17 | CVE-2019-7158 | Unspecified vulnerability in Open-Xchange Appsuite OX App Suite 7.10.0 and earlier has Incorrect Access Control. | 7.5 |
| 2019-05-23 | CVE-2017-5212 | Improper Access Control vulnerability in Open-Xchange Appsuite 7.8.3 Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | 7.5 |
| 2019-05-23 | CVE-2017-17060 | Permission Issues vulnerability in Open-Xchange Appsuite OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | 7.5 |
| 2019-05-22 | CVE-2017-5863 | Improper Access Control vulnerability in Open-Xchange Appsuite Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | 7.5 |
| 2018-06-16 | CVE-2018-5755 | Path Traversal vulnerability in Open-Xchange Appsuite Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet. | 7.1 |
| 2013-09-25 | CVE-2013-5200 | Improper Authentication vulnerability in Open-Xchange Appsuite The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call. | 7.5 |
| 2006-06-01 | CVE-2006-2738 | Unspecified vulnerability in Open-Xchange 0.8.1.6 The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | 7.5 |