CVE-2013-7140

N/A Unknown

Published: January 26, 2014 Modified: April 29, 2026

Description

XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://seclists.org/bugtraq/2014/Jan/57

Source: cve@mitre.org

http://www.osvdb.org/102194

Source: cve@mitre.org

http://www.securityfocus.com/bid/65015

Source: cve@mitre.org

http://www.securitytracker.com/id/1029650

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/90543

Source: cve@mitre.org

http://seclists.org/bugtraq/2014/Jan/57

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/102194

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/65015

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1029650

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/90543

Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.5%

64th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

open-xchange