Vulnerability Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open-Xchange | Open-Xchange Appsuite | <= 7.8.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/538732/100/0/threaded
- http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/538732/100/0/threaded
- http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-4046?
CVE-2016-4046 is a vulnerability with a CVSS score of 5.8 (MEDIUM). An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the...
How severe is CVE-2016-4046?
CVE-2016-4046 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-4046?
Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.