CVE-2013-4790

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions prior to 7.0.2 rev14 Open-Xchange AppSuite versions 7.2.0 prior to rev11 Open-Xchange AppSuite versions 7.2.1 prior to rev10 Open-Xchange AppSuite versions 7.2.2 prior to rev9

Description The issue relies on user-supplied data to predict the IMAP server hostname for an external domain name. This allows remote authenticated users to discover e-mail credentials of other users in certain circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

Recommendations For Open-Xchange AppSuite versions prior to 7.0.2 rev14, update to version 7.0.2 rev14 or later. For Open-Xchange AppSuite versions 7.2.0 prior to rev11, update to version 7.2.0 rev11 or later. For Open-Xchange AppSuite versions 7.2.1 prior to rev10, update to version 7.2.1 rev10 or later. For Open-Xchange AppSuite versions 7.2.2 prior to rev9, update to version 7.2.2 rev9 or later.