Open-xchange Open-xchange Appsuite Office — known CVE vulnerabilities
Every CVE whose affected-product data names Open-xchange Open-xchange Appsuite Office, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-26439 — CVSS 7.6 (high): The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL…
CVE-2023-26440 — CVSS 7.1 (high): The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be…
CVE-2023-26441 — CVSS 5.7 (medium): Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An…
CVE-2023-26442 — CVSS 3.2 (low): In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An…