What is CVE-2017-7413?

CVE-2017-7413 is a high-severity vulnerability in Horde Groupware, classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-04-04.

How severe is CVE-2017-7413?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Horde Groupware

CVE-2017-7413

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to e…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.245 (96.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Horde Groupware
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_CONFIRM, Mailing List, Vendor Advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2017-7413?: CVE-2017-7413 is a high-severity vulnerability in Horde Groupware, classified under OS Command Injection. CVSS score: 8.8/10. Published 2017-04-04.
How severe is CVE-2017-7413?: High severity. CVSS v3 base score is 8.8 out of 10.