Lucene search
HistoryJan 15, 2015 - 3:59 p.m.
CVE-2014-9587
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
56.5%
Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Affected configurations
Node
roundcubewebmailRange≤1.0.3
Related
prion
prion
Cross site request forgery (csrf)
2015-01-15 15:59:00
nessus
nessus
openSUSE Security Update : roundcubemail (openSUSE-SU-2015:0116-1)
2015-01-26 00:00:00
Debian DLA-613-1 : roundcube security update
2016-09-09 00:00:00
cvelist
cvelist
CVE-2014-9587
2015-01-15 15:00:00
ubuntucve
ubuntucve
CVE-2014-9587
2015-01-15 00:00:00
cve
cve
CVE-2014-9587
2015-01-15 15:59:21
debiancve
debiancve
CVE-2014-9587
2015-01-15 15:59:21
openvas
openvas
Debian: Security Advisory (DLA-613-1)
2018-02-07 00:00:00
debian
debian
[SECURITY] [DLA 613-1] roundcube security update
2016-09-08 09:58:47
osv
osv
roundcube - security update
2016-09-08 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
56.5%
Related for NVD:CVE-2014-9587