CVE-2013-6241

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.0:*:*:*:*:*:*:*

Information

Published : 2014-12-27 10:59

Updated : 2014-12-29 15:00


NVD link : CVE-2013-6241

Mitre link : CVE-2013-6241


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

open-xchange

  • open-xchange_appsuite