CVE

Id
90865  
CVE No.
CVE-2016-4046  
Status
Candidate  
Description
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.  
Phase
Assigned (20160420)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
782022 90865 CVE-2016-4046 CONFIRM:http://www.securityfocus.com/archive/1/archive/1/538732/100/0/threaded  View
782023 90865 CVE-2016-4046 SECTRACK:1036157  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
2291 JVNDB-2016-003064 HPE LoadRunner および Performance Center における重要な情報を取得される脆弱性 HPE LoadRunner および Performance Center には、重要な情報を取得される、データを変更される、またはサービス運用妨害 (DoS) 状態にされる脆弱性が存在します。 CVE-2016-4359 90865 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-003064.html  View