CVE-2023-29051 HIGH

CVE-2023-29051

Vendor Open-Xchange Gmbh
Product OX App Suite
Weakness CWE-284
Published January 8, 2024
Last update November 4, 2025

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known.

Key dates

02Disclosure timeline

January 8, 2024 CVE published
November 4, 2025 Record updated