OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N
Vendors Products
Open-xchange
  • Open-xchange Server

Configuration 1 [-]

OR cpe:2.3:a:open-xchange:open-xchange_server:6.20.7:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:6.22.0:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_server:6.22.1:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:49

Updated: 2022-10-03T16:14:49

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-1651

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2013-09-05T11:44:57.517

Modified: 2014-03-05T19:01:26.993

Link: CVE-2013-1651

JSON object: View

cve-icon Redhat Information

No data.

CWE