Product
open xchange open xchange appsuite backend
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-26451
<= 8.11.0
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. A
7.5
HIGH
CVE-2023-26443
<= 7.10.6
Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in plac
5.5
MEDIUM
CVE-2023-26438
all versions
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the
4.3
MEDIUM
CVE-2023-26430
all versions
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to
3.5
LOW
CVE-2023-26436
< 7.10.6
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked
7.1
HIGH
CVE-2023-26435
< 7.10.6
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. At
5.0
MEDIUM
CVE-2023-26434
< 7.10.6
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker wit
4.3
MEDIUM
CVE-2023-26433
< 7.10.6
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker wit
4.3
MEDIUM
CVE-2023-26432
< 7.10.6
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker wit
4.3
MEDIUM
CVE-2023-26431
< 7.10.6
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access t
5.0
MEDIUM
CVE-2023-26429
< 7.10.6
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via
3.5
LOW
CVE-2023-26428
< 7.10.6
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Sign
6.5
MEDIUM
CVE-2023-26427
< 7.10.6
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We
3.2
LOW
CVE-2016-6846
all versions
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2
6.1
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin