CVE-2016-4048 — MEDIUM (4.3)

Q: How severe is CVE-2016-4048?

CVE-2016-4048 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4048?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.

Vulnerability Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.

CVSS Score

4.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Open-Xchange	Open-Xchange Appsuite	<= 7.8.1

References

http://www.securityfocus.com/archive/1/538732/100/0/threaded
http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/538732/100/0/threaded
http://www.securitytracker.com/id/1036157Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-4048?

CVE-2016-4048 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can b...

How severe is CVE-2016-4048?

CVE-2016-4048 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4048?

Check the references section above for vendor advisories and patch information. Affected products include: Open-Xchange Open-Xchange Appsuite.