Lucene search

PRIOn knowledge basePRION:CVE-2013-5934

HistorySep 25, 2013 - 10:31 a.m.

Hardcoded credentials

2013-09-2510:31:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

CPENameOperatorVersion
open-xchange_appsuiteeq7.0.1
open-xchange_appsuiteeq7.0.2
open-xchange_appsuiteeq7.2.0
open-xchange_appsuiteeq7.2.1

Name	Operator	Version
open-xchange_appsuite	eq	7.0.1
open-xchange_appsuite	eq	7.0.2
open-xchange_appsuite	eq	7.2.0
open-xchange_appsuite	eq	7.2.1

References

archives.neohapsis.com/archives/bugtraq/2013-09/0032.html

7.1 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON

Related for PRION:CVE-2013-5934