Test ID: 1.3.6.1.4.1.25623.1.0.112179
Category: Web application abuses
Title: Open-Xchange (OX) AppSuite Improper Access Control Vulnerability (Bug ID 61315)
Summary: Open-Xchange (OX) AppSuite is prone to an improper access control vulnerability.

This VT has been replaced by 'Open-Xchange (OX) AppSuite Access Control Vulnerability (Bug ID 61315)' (OID: 1.3.6.1.4.1.25623.1.0.142235).

Description:

Vulnerability Insight:
If users chose not to 'stay signed in', or the operator disabled that functionality,
cookies are maintained for a 'session' lifetime so that they expire after the browser session has ended.
Using 'reload' on the existing browser session gave the impression that the session had already been terminated, because the login
screen was shown afterwards. However, those cookies are kept by the browser for the remainder of the session, until
the browser tab or window is closed.

Vulnerability Impact:
Users could get the incorrect impression that their session had been terminated
after reloading the browser window. In fact, the credentials for authentication (cookies) were maintained, and
other users with physical access to the browser could re-use them to execute API calls and access other users' data.

Affected Software/OS:
All Open-Xchange AppSuite versions before 7.8.3-rev53, 7.8.4 before rev51, 7.10.0 before rev25 and 7.10.1 before rev7.

Solution:
Update to version 7.8.3-rev53, 7.8.4-rev51, 7.10.0-rev25 or 7.10.1-rev7 respectively.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-7158
https://www.open-xchange.com/
Copyright: Copyright (C) 2019 Greenbone Networks GmbH
