CVE-2023-26455

Name of the Vulnerable Software and Affected Versions ChronosRMIService (affected versions not specified)

Description The issue allows attackers with local or adjacent network access to abuse the RMI service and modify calendar items using RMI, due to a lack of authentication requirement when calling setEventOrganizer. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.