4 matches found
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
CVE-2023-26455
CVE-2023-26455 affects Open-Xchange App Suite via ChronosRMIService.setEventOrganizer. The issue is an authentication bypass in the RMI interface: RMI did not require authentication, allowing attackers with local or adjacent network access to modify calendar items. By default, RMI was restricted ...
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
PT-2023-20648 · Unknown · Chronosrmiservice
Name of the Vulnerable Software and Affected Versions: ChronosRMIService affected versions not specified Description: The issue allows attackers with local or adjacent network access to abuse the RMI service and modify calendar items using RMI, due to a lack of authentication requirement when...