Nextcloud Enterprise Server
Approved changes feed: RSS · Atom
cpe:2.3:a:nextcloud:nextcloud_enterprise_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Nextcloud (e5ae4298-6932-564f-a40d-08cebea039a5) |
|---|---|
| Product | Nextcloud Enterprise Server (4323ed93-4a62-509f-8c04-f01ebbf93843) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-39364 |
vulnerable | 2026-06-03 14:47:51.545022 |
Exception logging in Sharepoint app reveals clear-text connection details
MEDIUM (4)
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.
Published: 2022-10-27T00:00:00.000Z
Updated: 2025-04-22T17:17:00.586Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39346 |
vulnerable | 2026-06-03 14:47:51.511925 |
Missing length validation of user displayname in nextcloud server
LOW (3.5)
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
Published: 2022-11-25T00:00:00.000Z
Updated: 2025-04-23T16:34:56.234Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39330 |
vulnerable | 2026-06-03 14:47:51.489080 |
Database resource exhaustion for logged-in users via sharee recommendations with circles
MEDIUM (4.8)
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app.
Published: 2022-10-27T00:00:00.000Z
Updated: 2025-04-23T16:42:15.849Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39329 |
vulnerable | 2026-06-03 14:47:51.488638 |
Profile of disabled user stays accessible
LOW (3.5)
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.
Published: 2022-10-27T00:00:00.000Z
Updated: 2025-04-23T16:42:20.963Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-39211 |
vulnerable | 2026-06-03 14:47:51.245561 |
Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server
LOW (3)
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue.
Published: 2022-09-16T23:10:10.000Z
Updated: 2025-04-23T16:58:46.383Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36074 |
vulnerable | 2026-06-03 14:47:39.358503 |
Authentication headers exposed on by Nextcloud Server
MEDIUM (6.4)
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
Published: 2022-09-15T22:00:15.000Z
Updated: 2025-04-23T17:09:53.604Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.