Open-Xchange Security Advisory 2013-11-06

看板Bugtraq作者時間12年前 (2013/12/22 10:32), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 29147 (Bug ID) Vulnerability type: CWE-80 (Improper Neutralization of Script-Related HTML= Tags in a Web Page) Vulnerable version: prior to 7.4.0 Vulnerable component: backend Fixed version: 7.2.2-rev25, 7.4.0-rev14 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2013-10-07 Solution date: 2013-10-21 Public disclosure: 2013-11-06 CVE reference: CVE-2013-6074 CVSSv2: 5.7 (AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:LM/TD:H/CR:ND/I= R:ND/AR:ND) Vulnerability Details: Embedding Javascript code within a SVG file leads to script execution when = opening that attachment. Malicious code may be transported by E-Mail or fil= e uploads by other users. Inline images within mail are not affected. Risk: Malicious script code can be executed within a users context. This can lead= to session hijacking or triggering unwanted actions via the web interface = (sending mail, deleting data etc.) Solution: Users should update to the latest available patch releases. Users should av= oid opening E-Mail attachments from untrusted sources. Internal reference: 29315 (Bug ID) Vulnerability type: CWE-200 (Information Exposure) Vulnerable version: prior to 7.4.0 Vulnerable component: backend Fixed version: 7.2.2-rev25, 7.4.0-rev14 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor notification: 2013-10-16 Solution date: 2013-10-21 Public disclosure: 2013-11-06 CVE reference: CVE-2013-6241 CVSSv2: 6.2 (AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:U/RC:C/CDP:MH/TD:H/CR:ND/I= R:ND/AR:ND) Vulnerability Details: Information of contacts (birthday, surname, firstname, displayname) are exp= osed through the =E2=80=9CBirthday=E2=80=9D widget using the api/contacts?a= ction=3Dbirthdays call. This affects contact information where the birthday= date is at the next year and the contact information is stored at the same= database schema. Additionally, this is limited to contacts of users that s= hare the same user-id within different contexts. If birthdays are due at th= e following year, the decision tree uses an incorrect SQL statement that by= passes context isolation. Risk: Users from different contexts may gain unauthorized access to a subset of c= ontact data. Solution: Users should update to the latest available patch releases.
更多 martin. 的文章
文章代碼(AID): #1Ijayd5S (Bugtraq)