CVE-2013-5934

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different vulnerability than CVE-2013-5200.

Published: Sep 25, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5934
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:H/Au:N/C:P/I:P/A:N

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
open-xchange / open-xchange_appsuite	7.0.1	7.0.1.x
open-xchange / open-xchange_appsuite	7.0.2	7.0.2.x
open-xchange / open-xchange_appsuite	7.2.0	7.2.0.x
open-xchange / open-xchange_appsuite	7.2.1	7.2.1.x

http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html

Vulnerability Database

CVE-2013-5934