Description
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90543
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65015
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/102194
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029650
Mailing List mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2014/Jan/57
Scores
EPSS
0.0045
EPSS Percentile
64.0%
Details
Status
published
Products (10)
open-xchange/open-xchange_appsuite
6.20.7
open-xchange/open-xchange_appsuite
6.22.0
open-xchange/open-xchange_appsuite
6.22.1
open-xchange/open-xchange_appsuite
7.0.1
open-xchange/open-xchange_appsuite
7.0.2
open-xchange/open-xchange_appsuite
7.2.0
open-xchange/open-xchange_appsuite
7.2.1
open-xchange/open-xchange_appsuite
7.2.2
open-xchange/open-xchange_appsuite
7.4.0
open-xchange/open-xchange_appsuite
< 7.4.1
Published
Jan 26, 2014
Tracked Since
Feb 18, 2026