CVE-2016-4048
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may get tricked to follow instructions injected by third parties as part of social engineering attacks.
Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.1-rev11. Los mensajes personalizados se pueden mostrar en la pantalla de inicio de sesión para notificar a los usuarios externos sobre problemas con los enlaces compartidos. Se puede abusar de este mecanismo para inyectar mensajes de texto arbitrarios. Usuarios pueden ser engañados para seguir instrucciones inyectadas por terceras partes como parte de ataques de ingeniería social.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-04-20 CVE Reserved
- 2016-12-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/538732/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id/1036157 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | <= 7.8.1 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version " <= 7.8.1" | rev9 |
Affected
| ||||||