GCVE - cpe:2.3:a:open-xchange:open-xchange_appsuite

Approved changes feed: RSS · Atom

cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:8.10.0:*:*:*:*:*:*:*

part: a version: 8.10.0 update: *

Vendor	Open Xchange (`85b486f1-55be-55d2-8b83-a25950d10c23`)
Product	Open Xchange Appsuite Backend (`c6afa627-aedc-5c3a-b175-9b2288029c56`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:rpm/opensuse/open-xchange-appsuite-backend`	purl2cpe	2026-06-01 10:16:43.850997

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-26438`	vulnerable	2026-06-03 14:50:59.637997	Details available MEDIUM (4.3) External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. Published: 2023-08-02T12:22:59.459Z Updated: 2024-08-02T11:46:24.656Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json http://seclists.org/fulldisclosure/2023/Aug/8 http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26430`	vulnerable	2026-06-03 14:50:59.629814	Details available LOW (3.5) Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known. Published: 2023-08-02T12:22:54.354Z Updated: 2024-10-15T17:11:44.042Z Open on db.gcve.eu Reference links https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6230_7.10.6_2023-05-02.pdf https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0003.json http://seclists.org/fulldisclosure/2023/Aug/8 http://packetstormsecurity.com/files/173943/OX-App-Suite-SSRF-SQL-Injection-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Open-xchange Open-xchange Appsuite Backend 8.10.0

PURL mappings

Vulnerability references

Contribute