CVE-2023-26455
First published: Thu Nov 02 2023(Updated: )
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
Credit: security@open-xchange.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <7.10.6 | ||
| =7.10.6 | ||
| =7.10.6-patch_release_6069 | ||
| =7.10.6-patch_release_6073 | ||
| =7.10.6-patch_release_6080 | ||
| =7.10.6-patch_release_6085 | ||
| =7.10.6-patch_release_6093 | ||
| =7.10.6-patch_release_6102 | ||
| =7.10.6-patch_release_6112 | ||
| =7.10.6-patch_release_6121 | ||
| =7.10.6-patch_release_6133 | ||
| =7.10.6-patch_release_6138 | ||
| =7.10.6-patch_release_6141 | ||
| =7.10.6-patch_release_6146 | ||
| =7.10.6-patch_release_6147 | ||
| =7.10.6-patch_release_6148 | ||
| =7.10.6-patch_release_6150 | ||
| =7.10.6-patch_release_6156 | ||
| =7.10.6-patch_release_6161 | ||
| =7.10.6-patch_release_6166 | ||
| =7.10.6-patch_release_6173 | ||
| =7.10.6-patch_release_6176 | ||
| =7.10.6-patch_release_6178 | ||
| =7.10.6-patch_release_6189 | ||
| =7.10.6-patch_release_6194 | ||
| =7.10.6-patch_release_6199 | ||
| =7.10.6-patch_release_6204 | ||
| =7.10.6-patch_release_6205 | ||
| =7.10.6-patch_release_6209 | ||
| =7.10.6-patch_release_6210 | ||
| =7.10.6-patch_release_6214 | ||
| =7.10.6-patch_release_6215 | ||
| =7.10.6-patch_release_6216 | ||
| =7.10.6-patch_release_6218 | ||
| =7.10.6-patch_release_6219 | ||
| =7.10.6-patch_release_6220 | ||
| =7.10.6-patch_release_6227 | ||
| =7.10.6-patch_release_6230 | ||
| =7.10.6-patch_release_6233 | ||
| =7.10.6-patch_release_6235 | ||
| =7.10.6-patch_release_6236 | ||
| =7.10.6-patch_release_6239 | ||
| =7.10.6-patch_release_6241 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2023-26455.
What is the severity of CVE-2023-26455?
The severity of CVE-2023-26455 is high with a severity value of 7.8.
How does CVE-2023-26455 affect Open-xchange Appsuite?
CVE-2023-26455 affects Open-xchange Appsuite 7.10.6.
What is the risk of CVE-2023-26455?
The risk of CVE-2023-26455 is that attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI.
How can I fix CVE-2023-26455?
To fix CVE-2023-26455, update Open-xchange Appsuite to version 7.10.6-patch_release_6243 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/open-xchange
- canonical/open-xchange open-xchange appsuite
- version/open-xchange open-xchange appsuite/7.10.6
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6069
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6073
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6080
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6085
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6093
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6102
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6112
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6121
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6133
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6138
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6141
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6146
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6147
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6148
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6150
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6156
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6161
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6166
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6173
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6176
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6178
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6189
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6194
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6199
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6204
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6205
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6209
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6210
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6214
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6215
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6216
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6218
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6219
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6220
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6227
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6230
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6233
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6235
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6236
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6239
- version/open-xchange open-xchange appsuite/7.10.6-patch_release_6241