CVE-2016-4047 — Sensitive Information Exposure in Appsuite

CWE-200 — Sensitive Information Exposure CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedDec 15

Latest updateMay 14

Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the generated document. As a result an attacker can track access to a manipulated document. Usage of a document may get tracked and information about internal infrastructure may get exposed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite7.8.1

🔴Vulnerability Details

GHSA

GHSA-8ffc-33px-g32x: An issue was discovered in Open-Xchange OX App Suite before 7↗2022-05-14

▶

CVEList

CVE-2016-4047: An issue was discovered in Open-Xchange OX App Suite before 7↗2016-12-15

▶