CVE-2013-1651

Open-xchange Server - Cryptographic Issue

Title source: rule
STIX 2.1

Description

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate.

Exploits (1)

exploitdb WRITEUP
by Martin Braun · textwebappsjava
https://www.exploit-db.com/exploits/24791

References (1)

Core 1
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html

Scores

EPSS 0.0063
EPSS Percentile 70.4%

Details

CWE
CWE-310
Status published
Products (3)
open-xchange/open-xchange_server 6.20.7
open-xchange/open-xchange_server 6.22.0
open-xchange/open-xchange_server 6.22.1
Published Sep 05, 2013
Tracked Since Feb 18, 2026