Информационная безопасность
[RU] switch to English

Многочисленные уязвимости безопасности в Open-Xchange
дополнено с 1 октября 2013 г.
Опубликовано:18 ноября 2013 г.
SecurityVulns ID:13293
Уровень опасности:
Описание:Многочисленные уязвимости.
Затронутые продукты:OPENXCHANGE : Open-Xchange 7.2
CVE:CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.)
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.)
 CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.)
 CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.)
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.)
Оригинальный текстdocumentOPENXCHANGE, Open-Xchange Security Advisory 2013-11-06 (18.11.2013)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2013-09-30 (01.10.2013)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2013-09-10 (01.10.2013)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2013-08-16 (01.10.2013)
 documentOPENXCHANGE, Open-Xchange Security Advisory 2013-07-31 (01.10.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород