2 matches found
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
CVE-2023-26455
CVE-2023-26455 affects Open-Xchange App Suite via ChronosRMIService.setEventOrganizer. The issue is an authentication bypass in the RMI interface: RMI did not require authentication, allowing attackers with local or adjacent network access to modify calendar items. By default, RMI was restricted ...