Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday, displayname, firstname, and surname information via a birthdays action to api/contacts, aka bug 29315.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open-Xchange AppSuite 信息泄露漏洞
Vulnerability Description
Open-Xchange AppSuite(OX AppSuite)是美国Open-Xchange公司的一套Web云桌面环境。该环境允许用户更直观的管理电子邮件、任务和文件等。 OX AppSuite 7.2.0版本至7.2.2版本和7.4.0版本的backend中的Birthday widget存在安全漏洞,该漏洞源于user-id共享的脚本没有为next-year birthdays正确构造SQL语句。远程攻击者可借助birthdays操作利用该漏洞获取敏感的birthday、displayname、
CVSS Information
N/A
Vulnerability Type
N/A