Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L
Vulnerability Type
认证机制不恰当
Vulnerability Title
Open-Xchange App Suite 授权问题漏洞
Vulnerability Description
Open-Xchange App Suite是德国Open-Xchange公司的一个电子邮件及生产力套件客户端软件。 Open-Xchange App Suite 存在安全漏洞,该漏洞源于调用 ChronosRMIService:setEventOrganizer 时,RMI 不需要身份验证。
CVSS Information
N/A
Vulnerability Type
N/A