Open-Xchange (OX) App Suite Multiple Vulnerabilities -03 (Nov 2015)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Open-Xchange Security Advisory 2013-09-10

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28260 Bug ID Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure Vulnerable version: 7.0.0 to 7.2.2 Vulnerable component: backend default configuration Fixed version...

CVE-2013-5935

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...

Hardcoded credentials

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different...

Design/Logic Flaw

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about 1 runtime activity, 2 network configuration, 3 user sessions, 4 the memcache interface, and 5 the REST interface via API calls suc...

CVE-2013-5935

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...