CVE-2014-9466Appsuite vulnerability

CWE-2643 documents3 sources
Severity
4.0MEDIUMNVD
EPSS
0.1%
top 72.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange Appsuite
Timeline
PublishedFeb 17
Latest updateMay 14

Description

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDopen-xchange/open-xchange_appsuite7.4.2, 7.6.0, 7.6.1+2

🔴Vulnerability Details

2
GHSA
GHSA-6x7j-xwg6-qmjx: Open-Xchange (OX) AppSuite and Server before 72022-05-14
CVEList
CVE-2014-9466: Open-Xchange (OX) AppSuite and Server before 72015-02-17
CVE-2014-9466 — Open-xchange Appsuite vulnerability | cvebase