PT-2013-3297 · Open Xchange · Open-Xchange Server

Published

2013-09-05

Updated

2013-09-26

CVE-2013-1650

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Open-Xchange Server versions prior to 6.20.7 rev14 Open-Xchange Server version 6.22.0 prior to rev13 Open-Xchange Server version 6.22.1 prior to rev14

Description The issue allows local users to obtain sensitive information via standard filesystem operations due to weak permissions.

Recommendations For Open-Xchange Server versions prior to 6.20.7 rev14, update to version 6.20.7 rev14 or later. For Open-Xchange Server version 6.22.0 prior to rev13, update to version 6.22.0 rev13 or later. For Open-Xchange Server version 6.22.1 prior to rev14, update to version 6.22.1 rev14 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-1650

Affected Products

Open-Xchange Server

PT-2013-3297 · Open Xchange · Open-Xchange Server

CVE-2013-1650

Weakness Enumeration

Related Identifiers

Affected Products

References · 4