PT-2014-4676 · Open Xchange · Open-Xchange Appsuite

Published

2014-04-17

·

Updated

2014-04-24

·

CVE-2014-2392

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Open-Xchange AppSuite versions prior to 7.2.2-rev20 Open-Xchange AppSuite versions prior to 7.4.1-rev11 Open-Xchange AppSuite versions prior to 7.4.2-rev13
Description The E-Mail autoconfiguration feature in Open-Xchange AppSuite places a password in a GET request. This allows remote attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history.
Recommendations For versions prior to 7.2.2-rev20, update to version 7.2.2-rev20 or later. For versions prior to 7.4.1-rev11, update to version 7.4.1-rev11 or later. For versions prior to 7.4.2-rev13, update to version 7.4.2-rev13 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-2392

Affected Products

Open-Xchange Appsuite