CVE-2013-5934

Open-Xchange AppSuite <7.0.2-rev15/7.2.2-rev16 Unauthenticated Cluster Expansion via Hardcoded Hazelcast Password

Title source: llm
STIX 2.1

Description

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

References (1)

Core 1
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html

Scores

EPSS 0.0024
EPSS Percentile 47.5%

Details

CWE
CWE-255
Status published
Products (4)
open-xchange/open-xchange_appsuite 7.0.1
open-xchange/open-xchange_appsuite 7.0.2
open-xchange/open-xchange_appsuite 7.2.0
open-xchange/open-xchange_appsuite 7.2.1
Published Sep 25, 2013
Tracked Since Feb 18, 2026