Improper Access Control in Collabtive
| Advisory ID: | HTB23169 |
| Product: | Collabtive |
| Vendor: | Open Dynamics |
| Vulnerable Versions: | 1.0 and probably prior |
| Tested Version: | 1.0 |
| Advisory Publication: | July 31, 2013 [without technical details] |
| Vendor Notification: | July 31, 2013 |
| Vendor Fix: | August 22, 2013 |
| Public Disclosure: | August 28, 2013 |
| Latest Update: | August 26, 2013 |
| Vulnerability Type: | Improper Access Control [CWE-284] |
| CVE Reference: | CVE-2013-5027 |
| Risk Level: | High |
![]() | |
| CVSSv2 Base Score: | 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Solution Status: | Fixed by Vendor |
| Discovered and Provided: | High-Tech Bridge Security Research Lab |
| Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Collabtive, which can be exploited to gain complete control over the application. | |
| Solution: | |
| Update to Collabtive 1.1 More Information: http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=11092 https://github.com/philippK-de/Collabtive/commit/a54b60c117ccb406d5aa48bf708c7393d94bfd79 | |
References: | |
| [1] High-Tech Bridge Advisory HTB23169 - https://www.immuniweb.com/advisory/HTB23169 - Improper Access Control in Collabtive. [2] Collabtive - http://collabtive.o-dyn.de/ – Collabtive is a cloud based groupware easy and efficient for your projects. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.
