PT-2013-5444 · Hazelcast+1 · Hazelcast+1

Publicado

2013-09-25

Atualizado

2013-10-15

CVE-2013-5200

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions 7.0.0 through 7.0.2-rev14 Open-Xchange AppSuite versions 7.2.0 through 7.2.2-rev15

Description The issue concerns the REST and memcache interfaces in the Hazelcast cluster API, which do not require authentication. This allows remote attackers to obtain sensitive information or modify data via an API call.

Recommendations For Open-Xchange AppSuite versions 7.0.0 through 7.0.2-rev14, update to version 7.0.2-rev15 or later. For Open-Xchange AppSuite versions 7.2.0 through 7.2.2-rev15, update to version 7.2.2-rev16 or later.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2013-5200

Produtos afetados

Hazelcast

Open-Xchange Appsuite

PT-2013-5444 · Hazelcast+1 · Hazelcast+1

CVE-2013-5200

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3