Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.

Published

2023-06-20T08:15:09.073

Last Modified

2024-11-21T07:51:24.863

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.2 (LOW)

Weaknesses

Type: Secondary
CWE-922
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	open-xchange	open-xchange_appsuite_backend	< 7.10.6	Yes
Application	open-xchange	open-xchange_appsuite_backend	7.10.6	Yes
Application	open-xchange	open-xchange_appsuite_backend	7.10.6	Yes

References

http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html Third Party Advisory, VDB Entry ([email protected])
http://seclists.org/fulldisclosure/2023/Jun/8 Mailing List, Third Party Advisory ([email protected])
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json ([email protected])
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf Release Notes ([email protected])
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Jun/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json (af854a3a-2127-422b-91ae-364da2661108)
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf Release Notes (af854a3a-2127-422b-91ae-364da2661108)