What is the severity of CVE-2013-7140?

CVE-2013-7140 has been classified with a moderate severity level due to its exploitation potential leading to unauthorized file access.

How do I fix CVE-2013-7140?

To fix CVE-2013-7140, update your Open-Xchange AppSuite software to a version later than 7.4.1.

What type of vulnerability is CVE-2013-7140?

CVE-2013-7140 is an XML External Entity (XXE) vulnerability affecting the CalDAV interface.

Who is affected by CVE-2013-7140?

Users of Open-Xchange AppSuite versions 7.4.1 and earlier, including specific versions down to 6.20.7, are affected by CVE-2013-7140.

What can an attacker do with CVE-2013-7140?

An attacker can exploit CVE-2013-7140 to read portions of arbitrary files on the server, compromising sensitive data.

Vulnerability/
CVE-2013-7140

medium

CWE

26/1/2014

29/8/2017

CVE-2013-7140: Path Traversal

First published: Sun Jan 26 2014(Updated: )

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Open-Xchange App Suite Backend	<=7.4.1
Open-Xchange App Suite Backend	=6.20.7
Open-Xchange App Suite Backend	=6.22.0
Open-Xchange App Suite Backend	=6.22.1
Open-Xchange App Suite Backend	=7.0.1
Open-Xchange App Suite Backend	=7.0.2
Open-Xchange App Suite Backend	=7.2.0
Open-Xchange App Suite Backend	=7.2.1
Open-Xchange App Suite Backend	=7.2.2
Open-Xchange App Suite Backend	=7.4.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7140?
CVE-2013-7140 has been classified with a moderate severity level due to its exploitation potential leading to unauthorized file access.
How do I fix CVE-2013-7140?
To fix CVE-2013-7140, update your Open-Xchange AppSuite software to a version later than 7.4.1.
What type of vulnerability is CVE-2013-7140?
CVE-2013-7140 is an XML External Entity (XXE) vulnerability affecting the CalDAV interface.
Who is affected by CVE-2013-7140?
Users of Open-Xchange AppSuite versions 7.4.1 and earlier, including specific versions down to 6.20.7, are affected by CVE-2013-7140.
What can an attacker do with CVE-2013-7140?
An attacker can exploit CVE-2013-7140 to read portions of arbitrary files on the server, compromising sensitive data.

agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/open-xchange
canonical/open-xchange app suite backend
version/open-xchange app suite backend/7.4.1
version/open-xchange app suite backend/6.20.7
version/open-xchange app suite backend/6.22.0
version/open-xchange app suite backend/6.22.1
version/open-xchange app suite backend/7.0.1
version/open-xchange app suite backend/7.0.2
version/open-xchange app suite backend/7.2.0
version/open-xchange app suite backend/7.2.1
version/open-xchange app suite backend/7.2.2
version/open-xchange app suite backend/7.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.