CVE-2023-26455
CVSS V2 None
CVSS V3 None
Description
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
Overview
- CVE ID
- CVE-2023-26455
- Assigner
- OX
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-11-02T13:01:20.424Z
- Last Modified Date
- 2024-01-12T07:09:24.702Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdf | release-notes |
| https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.json | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-26455 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26455 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-24 23:12:02 | Added to TrackCVE |