PT-2013-5444 · Hazelcast+1 · Hazelcast+1

Published

2013-09-25

Updated

2013-10-15

CVE-2013-5200

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions 7.0.0 through 7.0.2-rev14 Open-Xchange AppSuite versions 7.2.0 through 7.2.2-rev15

Description The issue concerns the REST and memcache interfaces in the Hazelcast cluster API, which do not require authentication. This allows remote attackers to obtain sensitive information or modify data via an API call.

Recommendations For Open-Xchange AppSuite versions 7.0.0 through 7.0.2-rev14, update to version 7.0.2-rev15 or later. For Open-Xchange AppSuite versions 7.2.0 through 7.2.2-rev15, update to version 7.2.2-rev16 or later.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-5200

Affected Products

Hazelcast

Open-Xchange Appsuite

PT-2013-5444 · Hazelcast+1 · Hazelcast+1

CVE-2013-5200

Weakness Enumeration

Related Identifiers

Affected Products

References · 3