OXUpdater in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof update servers and install arbitrary software via a crafted certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange server 6.22.1 |
||
open-xchange open-xchange server 6.22.0 |
||
open-xchange open-xchange server 6.20.7 |