Vulnerability Details CVE-2014-9466
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.9%
CVSS Severity
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html
- http://www.securityfocus.com/archive/1/534695/100/0/threaded
- http://www.securityfocus.com/bid/72587
- http://www.securitytracker.com/id/1031744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100867
- http://packetstormsecurity.com/files/130379/Open-Xchange-Server-6-OX-AppSuite-7.6.1-Exposure.html
- http://www.securityfocus.com/archive/1/534695/100/0/threaded
- http://www.securityfocus.com/bid/72587
- http://www.securitytracker.com/id/1031744
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100867
Products affected by CVE-2014-9466
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0
-
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1