CVE-2016-6848 — Appsuite vulnerability

CWE-2543 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open-xchange Appsuite

Timeline

PublishedDec 15

Latest updateMay 17

Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDopen-xchange/open-xchange_appsuite7.8.2

🔴Vulnerability Details

GHSA

GHSA-pjhj-qvqf-vx3g: An issue was discovered in Open-Xchange OX App Suite before 7↗2022-05-17

▶

CVEList

CVE-2016-6848: An issue was discovered in Open-Xchange OX App Suite before 7↗2016-12-15

▶