Known Vulnerabilities for products from Open-xchange
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Open-xchange".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-29052 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2024-01-08 | 2024-01-22 |
| CVE-2023-29051 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2024-01-08 | 2024-01-22 |
| CVE-2023-29050 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.6 - CRITICAL | 2024-01-08 | 2024-01-12 |
| CVE-2023-29049 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2024-01-08 | 2024-01-12 |
| CVE-2023-29048 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2024-01-08 | 2024-01-12 |
| CVE-2023-29047 | Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to ... | 7.3 - HIGH | 2023-11-02 | 2024-01-12 |
| CVE-2023-29046 | Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead ... | 4.3 - MEDIUM | 2023-11-02 | 2024-01-12 |
| CVE-2023-29045 | Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Scrip... | 5.4 - MEDIUM | 2023-11-02 | 2024-01-12 |
| CVE-2023-29044 | Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected ... | 5.4 - MEDIUM | 2023-11-02 | 2024-01-12 |
| CVE-2023-29043 | Presentations may contain references to images, which are user-controlled, and could include malicious script code that is be... | 6.1 - MEDIUM | 2023-11-02 | 2024-01-12 |
| CVE-2023-26456 | Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before proce... | 5.4 - MEDIUM | 2023-11-02 | 2024-01-12 |
| CVE-2023-26455 | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent netwo... | 7.8 - HIGH | 2023-11-02 | 2024-01-12 |
| CVE-2023-26454 | Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vul... | 8.8 - HIGH | 2023-11-02 | 2024-01-12 |
| CVE-2023-26453 | Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerabi... | 8.8 - HIGH | 2023-11-02 | 2024-01-12 |
| CVE-2023-26452 | Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. E... | 8.8 - HIGH | 2023-11-02 | 2024-01-12 |
| CVE-2023-26451 | Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Servi... | 7.5 - HIGH | 2023-08-02 | 2024-01-12 |
| CVE-2023-26450 | The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script cod... | 5.4 - MEDIUM | 2023-08-02 | 2024-01-12 |
| CVE-2023-26449 | The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code... | 5.4 - MEDIUM | 2023-08-02 | 2024-01-12 |
| CVE-2023-26448 | Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Ma... | 5.4 - MEDIUM | 2023-08-02 | 2024-01-12 |
| CVE-2023-26447 | The "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable j... | 5.4 - MEDIUM | 2023-08-02 | 2024-01-12 |
Known software with vulnerabilities from Open-xchange
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Open-xchange | App Suite | 7.4.2 |
| Application | Open-xchange | Connector | 7.2.25 |
| Application | Open-xchange | Open-xchange Appsuite | 6.20.7 |
| Application | Open-xchange | Open-xchange Appsuite Backend | 7.6.3 |
| Application | Open-xchange | Open-xchange Appsuite Documentconverter | 7.8.3 |
| Application | Open-xchange | Open-xchange Appsuite Frontend | 7.6.3 |
| Application | Open-xchange | Open-xchange Appsuite Office | 7.8.3 |
| Application | Open-xchange | Open-xchange Appsuite Office-web | 7.8.3 |
| Application | Open-xchange | Open-xchange Documentconverter | 7.6.3 |
| Application | Open-xchange | Open-xchange Documentconverter Api | 7.8.3 |
| Application | Open-xchange | Open-xchange Documents | 7.8.3 |
| Application | Open-xchange | Open-xchange Documents Frontend | 7.6.3 |
| Application | Open-xchange | Open-xchange Driverestricted | 7.6.3 |
| Application | Open-xchange | Open-xchange Drive Restricted | 7.8.3 |
| Application | Open-xchange | Open-xchange Eas | 7.8.3 |
| Application | Open-xchange | Open-xchange Middleware | 7.8.3 |
| Application | Open-xchange | Open-xchange Notifier | 1.0.6 |
| Application | Open-xchange | Open-xchange Office | 7.6.3 |
| Application | Open-xchange | Open-xchange Office-web | 7.8.3 |
| Application | Open-xchange | Open-xchange Office Web | 7.6.3 |