Multiple Calendars Secure Mail

Question: Can I synchronize multiple calendar or contacts folders using Secure Mail? Answer: You can only synchronize your default calendar folder, contact folder, and tasks folder. There is a third party limitation related to how Active Sync works, on the Microsoft website you can find the...

Open-Xchange: Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation)

Hi Team, Description : Read only user of calendar folder shouldn't be able access any private appointments. I have found a move calendar folder request which is working for read only user. Once Attacker moves the appointment to his folder , then he can Access private appointments. Vulnerable HTTP...

Open-Xchange: Unauthorized access to attachments details of Private Calendar appointments (Access control issue)

Hi Team, Description : In calendar folder there is a permission settings where user can be assigned as read only user of it's own objects . User with this permission shouldn't be able to view private appointments and it's attachments . There is request of getting attachment details from server...

Open-Xchange: Resend invitation to members by Read only user(Privilege Escalation)

Hi Team, Description : ViewerRead only user of any entityEx: Address book, Folder etc. doesn't have access to permission section. This user can't make any action in permission/Invite people section. But Resending invitation HTTP request is vulnerable and it doesn't check whether the user is Owner...