CVE-2016-6848

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.2-rev8

Description An issue allows API requests to inject, generate, and download executable files to the client, known as "Reflected File Download". A malicious platform-specific batch file can be created via a trusted domain without authentication. If executed by the user, this may lead to local code execution.

Recommendations For versions prior to 7.8.2-rev8, update to version 7.8.2-rev8 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints that allow file downloads to minimize the risk of exploitation. Avoid executing files downloaded from potentially compromised sources.