CVE-2016-4046

Published: Dec 15, 2016Modified: May 6, 2026

5.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.

Affected (1)

Products: Open Xchange: Open Xchange Appsuite

1 product

Open Xchange Appsuite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open Xchange Open Xchange Appsuite	Up to 7.8.1

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

http://www.securityfocus.com/archive/1/538732/100/0/threaded

Source: cve@mitre.org

http://www.securitytracker.com/id/1036157

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/538732/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036157

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.