What is CVE-2017-7414?

CVE-2017-7414 is a high-severity vulnerability in Horde Groupware, classified under OS Command Injection. CVSS score: 7.5/10. Published 2017-04-04.

How severe is CVE-2017-7414?

High severity. CVSS v3 base score is 7.5 out of 10.

RCE in Horde Groupware

CVE-2017-7414

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be a…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.010 (77.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Horde Groupware — versions 5.0.0, 5.0.1, 5.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_CONFIRM, Mailing List, Vendor Advisory)
cve@mitre.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2017-7414?: CVE-2017-7414 is a high-severity vulnerability in Horde Groupware, classified under OS Command Injection. CVSS score: 7.5/10. Published 2017-04-04.
How severe is CVE-2017-7414?: High severity. CVSS v3 base score is 7.5 out of 10.