CVE-2016-6852

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev8

Description An issue in Open-Xchange OX App Suite allows users to provide local file paths to the RSS reader. The response and error code can give hints about whether the provided file exists or not, potentially allowing attackers to discover specific system files or library versions on the middleware server and prepare further attacks.

Recommendations For versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSS reader functionality until a patch is applied.