Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-9998
HistoryJul 05, 2018 - 8:29 p.m.

CVE-2018-9998

2018-07-0520:29:00
CWE-200
[email protected]
web.nvd.nist.gov
19
cve-2018-9998
open-xchange
ox app suite
api
security vulnerability
remote attackers
sensitive information
nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an “all” action to api/tasks.

Affected configurations

NVD
Node
open-xchangeopen-xchange_appsuiteRange7.6.3
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev22
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev23
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev24
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev25
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev26
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev28
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev29
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev30
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev31
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev32
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev33
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev35
OR
open-xchangeopen-xchange_appsuiteMatch7.6.3rev36
OR
open-xchangeopen-xchange_appsuiteMatch7.8.0
OR
open-xchangeopen-xchange_appsuiteMatch7.8.2
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev10
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev11
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev12
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev13
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev19
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev21
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev22
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev23
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev24
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev25
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev26
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev27
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev28
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev29
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev30
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev31
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev32
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev33
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev34
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev35
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev36
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev38
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev39
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev40
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev41
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev42
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev43
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev44
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev45
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev46
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev47
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev5
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev6
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev8
OR
open-xchangeopen-xchange_appsuiteMatch7.8.3rev9
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev10
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev11
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev13
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev14
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev15
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev16
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev17
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev18
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev19
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev20
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev21
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev22
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev23
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev24
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev25
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev26
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev27
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev3
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev4
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev5
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev6
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev7
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev8
OR
open-xchangeopen-xchange_appsuiteMatch7.8.4rev9

Related

nvd 1
prion 1
cvelist 1
zdt 1
packetstorm 1
openvas 1
nvd
nvd
CVE-2018-9998
2018-07-05 20:29:00
prion
prion
Open redirect
2018-07-05 20:29:00
cvelist
cvelist
CVE-2018-9998
2018-07-05 20:00:00
zdt
zdt
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure Vulnerabilities
2018-07-03 00:00:00
packetstorm
packetstorm
OX App Suite 7.8.4 XSS / XML Injection / Information Disclosure
2018-07-02 00:00:00
openvas
openvas
Open-Xchange (OX) App Suite Multiple Vulnerabilities (Jul 2018)
2018-07-03 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON
Related for CVE-2018-9998
nvd1prion1cvelist1zdt1packetstorm1openvas1