VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 17, 2015· Updated May 6, 2026

CVE-2014-9466

CVE-2014-9466

Description

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

Affected products

6
  • Open-Xchange/Ox Serverinferred2 versions
    <7.4.2-rev42 || >=7.6.0,<7.6.0-rev36 || >=7.6.1,<7.6.1-rev14+ 1 more
    • (no CPE)range: <7.4.2-rev42 || >=7.6.0,<7.6.0-rev36 || >=7.6.1,<7.6.1-rev14
    • (no CPE)range: <7.4.2-rev42, <7.6.0-rev36, <7.6.1-rev14
  • Open-Xchange/Appsuite4 versions
    cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:open-xchange:open-xchange_appsuite:7.6.1:*:*:*:*:*:*:*
    • (no CPE)range: <7.4.2-rev42, <7.6.0-rev36, <7.6.1-rev14

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.