CPE Details
Open-xchange Open-xchange Appsuite Backend 8.11.0
8.11.0
2023-07-03
12h20 +00:00
12h20 +00:00
2023-07-14
09h31 +00:00
09h31 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:8.11.0:*:*:*:*:*:*:*
Informations
Vendor
open-xchangeProduct
open-xchange_appsuite_backendVersion
8.11.0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | 7.5 |
High |
||
| Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | 9.8 |
Critical |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.