CVE-2013-5934 — Appsuite vulnerability

3 documents3 sources

Severity

4.0MEDIUMNVD

CNA7.5

EPSS

0.2%

top 52.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedSep 25

Latest updateMay 17

Description

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite4 versions+3

🔴Vulnerability Details

GHSA

GHSA-x39v-5f2v-4j33: Open-Xchange AppSuite 7↗2022-05-17

▶

CVEList

CVE-2013-5934: Open-Xchange AppSuite 7↗2013-09-25

▶