CVE-2016-6848
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file can be created via a trusted domain without authentication that, if executed by the user, may lead to local code execution.
Ha sido descubierto un problema en Open-Xchange OX App Suite en versiones anteriores a 7.8.2-rev8. La petición API puede ser usada para inyectar, generar y descargar archivos ejecutables al cliente ("Reflected File Download"). Se puede crear un archivo por lotes específico de plataforma malintencionada (por ejemplo, Microsoft Windows) a través de un dominio de confianza sin autenticación que, si es ejecutado por el usuario, puede conducir a la ejecución de código local.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-18 CVE Reserved
- 2016-12-15 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-254: 7PK - Security Features
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93460 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Open-xchange Search vendor "Open-xchange" | Open-xchange Appsuite Search vendor "Open-xchange" for product "Open-xchange Appsuite" | <= 7.8.2 Search vendor "Open-xchange" for product "Open-xchange Appsuite" and version " <= 7.8.2" | rev4 |
Affected
| ||||||