CVE-2016-3174

Name of the Vulnerable Software and Affected Versions Open-Xchange OX AppSuite versions prior to 7.8.0-rev27

Description An issue in the "defer" servlet allows arbitrary URLs to be provided as redirection targets due to missing checks. This can trick users into following a link to a trustworthy domain but ending up at an unexpected service, potentially enhancing phishing attacks.

Recommendations For versions prior to 7.8.0-rev27, update to version 7.8.0-rev27 or later to resolve the issue. As a temporary workaround, consider restricting access to the "defer" servlet to minimize the risk of exploitation.