Deserialization of untrusted data

2014-04-2405:06:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.0%

JSON

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

CPENameOperatorVersion
open-xchange_appsuiteeq7.4.2
open-xchange_appsuiteeq7.2.0
open-xchange_appsuiteeq7.2.1
open-xchange_appsuitele7.2.2
open-xchange_appsuiteeq7.4.1