CVE-2013-5200
Published: 2013-09-25
Priority: P337 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.49% (70.9th percentile)
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
| open-xchange | open-xchange_appsuite | — | — |
GHSA
GHSA-mgg6-3fhx-cv73: The Hazelcast cluster API in Open-Xchange AppSuite 7
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2013-5935 [HIGH] CWE-200 GHSA-mgg6-3fhx-cv73: The Hazelcast cluster API in Open-Xchange AppSuite 7
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended location, a different vulnerability than CVE-2013-5200.
GHSA
GHSA-x39v-5f2v-4j33: Open-Xchange AppSuite 7
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2013-5934 [HIGH] GHSA-x39v-5f2v-4j33: Open-Xchange AppSuite 7
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.
GHSA
GHSA-f6f5-p56q-68jm: The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7
ghsa_unreviewed·2022-05-17
CVE-2013-5200 [HIGH] CWE-287 GHSA-f6f5-p56q-68jm: The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.
GHSA
GHSA-qvcm-3pr4-v334: The Hazelcast cluster API in Open-Xchange AppSuite 7
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2013-5936 [HIGH] CWE-200 GHSA-qvcm-3pr4-v334: The Hazelcast cluster API in Open-Xchange AppSuite 7
The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) network configuration, (3) user sessions, (4) the memcache interface, and (5) the REST interface via API calls such as a hazelcast/rest/cluster/ call, a different vulnerability than CVE-2013-5200.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2013-09-25