Unrated severityNVD Advisory· Published Nov 2, 2023· Updated Aug 2, 2024

CVE-2023-26455

Description

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.

Affected products

Open-Xchange/Appsuitellm-fuzzy
OX Software GmbH/OX App Suitev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0004.jsonmitrevendor-advisory
software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6243_7.10.6_2023-08-01.pdfmitrerelease-notes

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000