Open Xchange Appsuite Office
Monthly
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.