First published: Thu Sep 05 2013(Updated: )
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Open-xchange Open-xchange Appsuite | =7.0.2 | |
Open-xchange Open-xchange Appsuite | =7.2.0 | |
Open-xchange Open-xchange Appsuite | =7.2.1 | |
Open-xchange Open-xchange Appsuite | =7.2.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.