QwikSec

Security Database

CVE

CWE

Training

CVE-2013-6241

Published: Dec 27, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://forum.open-xchange.com/showthread.php?8059-Open-Xchange-releases-Security-Patch-2013-10-21-for-v7-2-2-and-v7-4-0

x_refsource_CONFIRM

20131106 Open-Xchange Security Advisory 2013-11-06

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.