Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-12-15 CVE-2016-5124 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14.
network
low complexity
open-xchange CWE-79
6.1
6.1
2016-12-15 CVE-2016-4048 Unspecified vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.
network
low complexity
open-xchange
4.3
4.3
2016-12-15 CVE-2016-4047 XXE vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8.
network
low complexity
open-xchange CWE-611
4.3
4.3
2016-12-15 CVE-2016-4046 Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.
network
low complexity
open-xchange CWE-918
5.8
5.8
2016-12-15 CVE-2016-4045 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.
network
low complexity
open-xchange CWE-79
6.1
6.1
2016-12-15 CVE-2016-4026 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.8.1
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11.
network
low complexity
open-xchange CWE-79
6.1
6.1
2016-12-15 CVE-2016-3173 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.8.0
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27.
network
low complexity
open-xchange CWE-79
5.4
5.4
2016-12-15 CVE-2016-2840 Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.8.0
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26.
network
low complexity
open-xchange CWE-79
6.1
6.1
2016-12-14 CVE-2016-3685 Use of Hard-coded Credentials vulnerability in SAP Download Manager 1.1.3.0/2.1.142
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.
local
high complexity
sap CWE-798
4.7
4.7
2016-12-14 CVE-2016-3684 Unspecified vulnerability in SAP Download Manager 1.1.3.0/2.1.142
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.
local
high complexity
sap
4.7
4.7