CVE-2016-6852
MEDIUMOpen-Xchange AppSuite < 7.8.2 - Unauthenticated Local File Path Disclosure via RSS Reader
Title source: llmDescription
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93459
Scores
CVSS v3
4.3
EPSS
0.0022
EPSS Percentile
44.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
open-xchange/open-xchange_appsuite
< 7.8.2
Published
Dec 15, 2016
Tracked Since
Feb 18, 2026