Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1651Server vulnerability

CWE-3104 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.6%
top 29.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Open-xchange Server
Timeline
PublishedSep 5
Latest updateMay 17

Description

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_server6.20.7, 6.22.0, 6.22.1+2

🔴Vulnerability Details

2
GHSA
GHSA-cq63-mxm9-9xjx: OXUpdater in Open-Xchange Server before 62022-05-17
CVEList
CVE-2013-1651: OXUpdater in Open-Xchange Server before 62013-09-05

💥Exploits & PoCs

1
Exploit-DB
Open-Xchange Server 6 - Multiple Vulnerabilities2013-03-15
CVE-2013-1651 — Open-xchange Server vulnerability | cvebase