Known Vulnerabilities for Open-xchange Appsuite Backend by Open-xchange

Listed below are 10 of the newest known vulnerabilities associated with "Open-xchange Appsuite Backend" by "Open-xchange".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2023-26451 json	Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Servi...	7.5 - HIGH	2023-08-02	2024-01-12
CVE-2023-26443 json	Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in...	9.8 - CRITICAL	2023-08-02	2024-01-12
CVE-2023-26438 json	External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involvin...	3.1 - LOW	2023-08-02	2024-01-12
CVE-2023-26436 json	Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly ch...	8.8 - HIGH	2023-06-20	2024-01-12
CVE-2023-26435 json	It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT document...	5 - MEDIUM	2023-06-20	2024-01-12
CVE-2023-26434 json	When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacke...	4.3 - MEDIUM	2023-06-20	2024-01-12
CVE-2023-26433 json	When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacke...	4.3 - MEDIUM	2023-06-20	2024-01-12
CVE-2023-26432 json	When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacke...	4.3 - MEDIUM	2023-06-20	2024-01-12
CVE-2023-26431 json	IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with acc...	4.3 - MEDIUM	2023-06-20	2024-01-12
CVE-2023-26430 json	Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abus...	4.3 - MEDIUM	2023-08-02	2024-01-12

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3
Application	Open-xchange	Open-xchange Appsuite Backend	7.8.3

Results limited to 20 most recent known configurations