// For flags

CVE-2017-7414

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.

En Horde_Crypt en versiones anteriores a 2.7.6, como se utiliza en Horde Groupware Webmail Edition 5.x hasta la versión 5.2.17, OS puede ocurrir si el usuario tiene activadas las características de PGP en las preferencias del usuario y ha activado la preferencia "¿Deberían verificarse automáticamente los mensajes firmados de PGP cuando se visualizan?". Para aprovechar esta vulnerabilidad, un atacante puede enviar un correo electrónico firmado por PGP (que se ha creado de manera malintencionada) al usuario de la Horda, que debe verlo o visualizarlo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-04-03 CVE Reserved
  • 2017-04-04 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.0
Search vendor "Horde" for product "Groupware" and version "5.0.0"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.0
Search vendor "Horde" for product "Groupware" and version "5.0.0"
rc1, webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.1
Search vendor "Horde" for product "Groupware" and version "5.0.1"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.2
Search vendor "Horde" for product "Groupware" and version "5.0.2"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.3
Search vendor "Horde" for product "Groupware" and version "5.0.3"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.4
Search vendor "Horde" for product "Groupware" and version "5.0.4"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.0.5
Search vendor "Horde" for product "Groupware" and version "5.0.5"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.0
Search vendor "Horde" for product "Groupware" and version "5.1.0"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.0
Search vendor "Horde" for product "Groupware" and version "5.1.0"
rc1, webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.1
Search vendor "Horde" for product "Groupware" and version "5.1.1"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.2
Search vendor "Horde" for product "Groupware" and version "5.1.2"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.3
Search vendor "Horde" for product "Groupware" and version "5.1.3"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.4
Search vendor "Horde" for product "Groupware" and version "5.1.4"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.1.5
Search vendor "Horde" for product "Groupware" and version "5.1.5"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.0
Search vendor "Horde" for product "Groupware" and version "5.2.0"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.0
Search vendor "Horde" for product "Groupware" and version "5.2.0"
rc1, webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.1
Search vendor "Horde" for product "Groupware" and version "5.2.1"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.2
Search vendor "Horde" for product "Groupware" and version "5.2.2"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.3
Search vendor "Horde" for product "Groupware" and version "5.2.3"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.4
Search vendor "Horde" for product "Groupware" and version "5.2.4"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.5
Search vendor "Horde" for product "Groupware" and version "5.2.5"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.6
Search vendor "Horde" for product "Groupware" and version "5.2.6"
webmail
Affected
Horde
Search vendor "Horde"
Groupware
Search vendor "Horde" for product "Groupware"
5.2.7
Search vendor "Horde" for product "Groupware" and version "5.2.7"
webmail
Affected