Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9466

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2014-9466
Last Modified 18 Feb 2015 01:33:56
Published 17 Feb 2015 10:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-9466

Summary

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

Vulnerable Systems

Application

  • Open-xchange Appsuite 7.4.2

  • Open-xchange Appsuite 7.6.0

  • Open-xchange Appsuite 7.6.1


References

XF - openxchange-cve20149466-info-disc(100867)

SECTRACK - 1031744

BID - 72587

BUGTRAQ - 20150212 Open-Xchange Security Advisory 2015-02-12

MISC - http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html


Last Updated: 27 May 2016 11:07:50