Vulnerabilities > CVE-2013-4790 - Credentials Management vulnerability in Open-Xchange Appsuite

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

open-xchange

CWE-255

NVD

Published: 2013-09-05

Updated: 2013-09-26

Summary

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

Vulnerable Configurations

Part	Description	Count
Application	Open-Xchange Open Xchange Open Xchange Appsuite 7.0.2 Open Xchange Open Xchange Appsuite 7.2.0 Open Xchange Open Xchange Appsuite 7.2.1 Open Xchange Open Xchange Appsuite 7.2.2	4

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/122635/openxchange-inject.txt
id	PACKETSTORM:122635
last seen	2016-12-05
published	2013-08-01
reporter	Martin Braun
source	https://packetstormsecurity.com/files/122635/Open-Xchange-AppSuite-7.2.2-Phishing-Data-Injection.html
title	Open-Xchange AppSuite 7.2.2 Phishing / Data Injection

References

http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html