The E-Mail autoconfiguration feature in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 places a password in a GET request, which allows remote malicious users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
open-xchange open-xchange appsuite 7.4.2 |
||
open-xchange open-xchange appsuite 7.4.1 |
||
open-xchange open-xchange appsuite 7.2.1 |
||
open-xchange open-xchange appsuite |
||
open-xchange open-xchange appsuite 7.2.0 |