Vulnerability Details: CVE-2016-6852
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system files or library versions on the middleware server to prepare further attacks.
Products affected by CVE-2016-6852
- cpe:2.3:a:open-xchange:open-xchange_appsuite:*:rev4:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6852
- EPSS score: 0.22% (probability of exploitation activity in the next 30 days)
- Percentile: ~42% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-6852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2016-6852
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6852
- http://www.securityfocus.com/bid/93459
  Open-Xchange AppSuite CVE-2016-6852 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://software.open-xchange.com/OX6/6.22/doc/Release_Notes_for_Patch_Release_3522_7.8.2_2016-08-29.pdf
  (Release Notes; Vendor Advisory)