CVE-2013-7140

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.

Published: Jan 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-7140
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
open-xchange / open-xchange_appsuite	6.22.1	6.22.1.x
open-xchange / open-xchange_appsuite	-	7.4.1.x
open-xchange / open-xchange_appsuite	6.22.0	6.22.0.x
open-xchange / open-xchange_appsuite	7.0.1	7.0.1.x
open-xchange / open-xchange_appsuite	7.2.2	7.2.2.x
open-xchange / open-xchange_appsuite	7.0.2	7.0.2.x
open-xchange / open-xchange_appsuite	7.4.0	7.4.0.x
open-xchange / open-xchange_appsuite	7.2.0	7.2.0.x
open-xchange / open-xchange_appsuite	7.2.1	7.2.1.x
open-xchange / open-xchange_appsuite	6.20.7	6.20.7.x

Vulnerability Database

CVE-2013-7140