// For flags

CVE-2013-4790

Open-Xchange AppSuite 7.2.2 Phishing / Data Injection

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

Múltiples vulnerabilidades XSS en Open-Xchange AppSuite, 7.0.2 rev14, 7.2.0 anteior a rev11, 7.2.1 anteior a rev10, y 7.2.2 anteior a rev9 depende de los datos proporcionados por el usuario para predecir el nombre de host para un dominio externo, lo que permite a usuarios autenticados remotamente descubrir las credenciales de correo de otros usuarios en circunstancias oportunas a través de una asociación manual de una dirección de correo personal con el nombre manipulado del servidor IMAP.

Open-Xchange AppSuite versions 7.2.2 and below suffer from phishing and data injection vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-07-11 CVE Reserved
  • 2013-08-01 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-255: Credentials Management Errors
CAPEC
References (1)
URL Tag Source
URL Date SRC
http://archives.neohapsis.com/archives/bugtraq/2013-07/0204.html 2024-09-16
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Open-xchange
Search vendor "Open-xchange"
 Open-xchange Appsuite
Search vendor "Open-xchange" for product "Open-xchange Appsuite"
 7.0.2
Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.0.2"
-
Affected
Open-xchange
Search vendor "Open-xchange"
 Open-xchange Appsuite
Search vendor "Open-xchange" for product "Open-xchange Appsuite"
 7.2.0
Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.2.0"
-
Affected
Open-xchange
Search vendor "Open-xchange"
 Open-xchange Appsuite
Search vendor "Open-xchange" for product "Open-xchange Appsuite"
 7.2.1
Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.2.1"
-
Affected
Open-xchange
Search vendor "Open-xchange"
 Open-xchange Appsuite
Search vendor "Open-xchange" for product "Open-xchange Appsuite"
 7.2.2
Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version "7.2.2"
-
Affected