CVE-2013-7140
Last modified
CVE-2013-7140 is a vulnerability of currently unknown severity. XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.. EPSS estimates a 1.76% chance of exploitation in the next 30 days.
Description
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.4.1 |
| Open-Xchange | Open-Xchange Appsuite | 6.20.7 |
| Open-Xchange | Open-Xchange Appsuite | 6.22.0 |
| Open-Xchange | Open-Xchange Appsuite | 6.22.1 |
| Open-Xchange | Open-Xchange Appsuite | 7.0.1 |
| Open-Xchange | Open-Xchange Appsuite | 7.0.2 |
| Open-Xchange | Open-Xchange Appsuite | 7.2.0 |
| Open-Xchange | Open-Xchange Appsuite | 7.2.1 |
| Open-Xchange | Open-Xchange Appsuite | 7.2.2 |
| Open-Xchange | Open-Xchange Appsuite | 7.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-7140?
How severe is CVE-2013-7140?
How do I fix CVE-2013-7140?
Are you affected by CVE-2013-7140?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST