Vulnerability Details : CVE-2023-26427
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
Products affected by CVE-2023-26427
- cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:*:*:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:revision_39:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-26427
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-26427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
1.8
|
1.4
|
NIST | |
3.2
|
LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N |
1.5
|
1.4
|
Open-Xchange |
CWE ids for CVE-2023-26427
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
-
The product stores sensitive information without properly limiting read or write access by unauthorized actors.Assigned by: security@open-xchange.com (Secondary)
References for CVE-2023-26427
-
http://seclists.org/fulldisclosure/2023/Jun/8
Full Disclosure: OXAS-ADV-2023-0002: OX App Suite Security AdvisoryMailing List;Third Party Advisory
-
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json
-
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
OX App Suite SSRF / Resource Consumption / Command Injection ≈ Packet StormThird Party Advisory;VDB Entry
-
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
Release Notes
-
https://documentation.open-xchange.com/security/advisories/csaf/oxas-adv-2023-0002.json
Third Party Advisory
Jump to