CVE-2016-3174Open Redirect in Appsuite

CWE-601Open Redirect3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 57.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Open-xchange Appsuite
Timeline
PublishedDec 15
Latest updateMay 14

Description

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hrfh-hw79-vvhm: An issue was discovered in Open-Xchange OX AppSuite before 72022-05-14
CVEList
CVE-2016-3174: An issue was discovered in Open-Xchange OX AppSuite before 72016-12-15
CVE-2016-3174 — Open Redirect in Open-xchange Appsuite | cvebase