Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-1651
cve-2013-1651
open-xchange server
x.509 certificates
ssl
man-in-the-middle
spoofing
software installation
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.0%
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.
Affected configurations
Node
open-xchangeopen-xchange_serverMatch6.20.7
ORopen-xchangeopen-xchange_serverMatch6.22.0
ORopen-xchangeopen-xchange_serverMatch6.22.1
Related
nvd
nvd
CVE-2013-1651
2013-09-05 11:44:57
cvelist
cvelist
CVE-2013-1651
2022-10-03 16:14:49
prion
prion
Open redirect
2013-09-05 11:44:00
openvas
openvas
Open-Xchange Server Multiple Vulnerabilities (Mar 2013) - Active Check
2013-03-18 00:00:00
seebug
seebug
Open-Xchange Server 6 - Multiple Vulnerabilities
2014-07-01 00:00:00
securityvulns
securityvulns
Open-Xchange Security Advisory 2013-03-13
2013-05-06 00:00:00
packetstorm
packetstorm
Open-Xchange 6 XSS / LFI / SSRF / Hashing
2013-03-14 00:00:00
exploitpack
exploitpack
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00
exploitdb
exploitdb
Open-Xchange Server 6 - Multiple Vulnerabilities
2013-03-15 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.0%
Related for CVE-2013-1651