CVE-2013-4790

Severity

35%

Complexity

68%

Confidentiality

48%

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.

CVSS 2.0 Base Score 3.5. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N).

Overview

Type

Open-Xchange AppSuite

First reported 11 years ago

2013-09-05 11:44:00

Last updated 11 years ago

2013-09-26 16:36:00

Affected Software

Open-Xchange AppSuite 7.0.2

7.0.2

Open-Xchange AppSuite 7.2.0

7.2.0

Open-Xchange AppSuite 7.2.1

7.2.1

Open-Xchange AppSuite 7.2.2

7.2.2

References

20130731 Open-Xchange Security Advisory 2013-07-31

Exploit

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.