
Kattsson

#19024 of 53,624
14.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2020-13181
4.3
2020-08-31
Open Xchange · Ox App Suite · CVE-2020-12643
**Name of the Vulnerable Software and Affected Versions**
OX App Suite versions 7.10.3 and earlier

**Description**
The issue is related to Incorrect Access Control. It can be exploited via an "/api/subscriptions" request for a snippet containing an email address.

**Recommendations**
For OX App Suite versions 7.10.3 and earlier, update to a version later than 7.10.3 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/subscriptions" endpoint until a patch is available.

PT-2020-13183
9.8
2020-08-31
Open Xchange · Ox App Suite · CVE-2020-12645
**Name of the Vulnerable Software and Affected Versions**
OX App Suite versions 7.10.1 through 7.10.3

**Description**
The issue is related to improper input validation for rate limits, which can be exploited with a crafted User-Agent header. Additionally, it involves spoofed vacation notices and excessive memory consumption through the /apps/load endpoint.

**Recommendations**
For OX App Suite versions 7.10.1 through 7.10.3, consider updating to a version that addresses the improper input validation issue. As a temporary workaround, restrict access to the /apps/load endpoint to minimize the risk of excessive memory consumption. Avoid using spoofed vacation notices until the issue is resolved.