3.3
CVE-2023-26427
- EPSS 0.05%
- Published 20.06.2023 08:15:09
- Last modified 21.11.2024 07:51:24
- Source security@open-xchange.com
- Teams watchlist Login
- Open Login
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
Data is provided by the National Vulnerability Database (NVD)
Open-xchange ≫ Open-xchange Appsuite Backend Version < 7.10.6
Open-xchange ≫ Open-xchange Appsuite Backend Version7.10.6
Open-xchange ≫ Open-xchange Appsuite Backend Version7.10.6 Updaterevision_39
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.146 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security@open-xchange.com | 3.2 | 1.5 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.