Vulnerabilities > Open Xchange > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-05 | CVE-2013-1650 | Permissions, Privileges, and Access Controls vulnerability in Open-Xchange Server 6.20.7/6.22.0/6.22.1 Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations. | 2.1 |
| 2013-09-05 | CVE-2013-4790 | Credentials Management vulnerability in Open-Xchange Appsuite Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server. | 3.5 |
| 2013-09-05 | CVE-2013-5698 | Cross-Site Scripting vulnerability in Open-Xchange Appsuite and Open-Xchange Server Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106. | 3.5 |