CVE-2016-4046

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.1-rev11

Description An issue allows the API for configuring external mail accounts to be exploited, enabling access to network components within the operator's trust boundary. Users can inject arbitrary hosts and ports into API calls, potentially gathering information about the existence of hosts and services based on response type, content, and latency. This could allow attackers to obtain internal configuration information about an operator's infrastructure, facilitating subsequent attacks.

Recommendations For versions prior to 7.8.1-rev11, update to version 7.8.1-rev11 or later to resolve the issue. As a temporary workaround, consider restricting access to the API for configuring external mail accounts to minimize the risk of exploitation.