Published: 15/12/2016 Updated: 19/10/2018

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 3.5 | Impact Score: 1.4 | Exploitability Score: 2.1

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.

Vulnerable Product	Search on Vulmon	Subscribe to Product
open-xchange open-xchange appsuite

Open-Xchange App Suite versions 781 and below suffer from an information disclosure vulnerability ...

CWE-200 http://www.securitytracker.com/id/1036157 http://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html http://www.securityfocus.com/archive/1/538732/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/137599/Open-Xchange-App-Suite-7.8.1-Information-Disclosure.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-4027

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect