Open-xchange : Security Vulnerabilities, CVEs, CVSS score >= 9

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known.

documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.

OX App Suite through 7.10.6 allows OS Command Injection via a serialized Java class to the Documentconverter API.

OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).

OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.

OX App Suite 7.10.0 and earlier has Incorrect Access Control.

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions.

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control.

Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control.

Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure.