Skip to main content

Open Xchange Appsuite Office

4 CVEs product

Monthly

CVE-2023-26442 LOW Monitor

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Open Xchange Appsuite Office
NVD
CVSS 3.1
3.2
EPSS
0.3%
CVE-2023-26441 MEDIUM This Month

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite Office
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26440 HIGH This Week

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26439 HIGH This Week

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 3.2
LOW Monitor

In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.

SSRF Open Xchange Appsuite Office
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite Office
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy