PT-2016-5820 · Open Xchange · Open-Xchange Appsuite

Published: 2016-12-15 · Updated: 2018-10-19 · CVE-2016-4048

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open-Xchange OX App Suite versions prior to 7.8.1-rev11

Description

An issue in the login screen notification mechanism for external users allows the injection of arbitrary text messages. This can be exploited for social engineering attacks, where users may be tricked into following instructions injected by third parties.

Recommendations

For versions prior to 7.8.1-rev11, update to version 7.8.1-rev11 or later to resolve the issue. As a temporary workaround, consider restricting the ability to inject custom messages at the login screen to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2016-4048

Affected Products

Open-Xchange Appsuite