Code injection

2017-05-0214:59:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.

CPENameOperatorVersion
kerio_connectge8.0.0
kerio_connectle9.2.2
kerio_connect_clientge9.2.0
kerio_connect_clientle9.2.2

Name	Operator	Version
kerio_connect	ge	8.0.0
kerio_connect	le	9.2.2
kerio_connect_client	ge	9.2.0
kerio_connect_client	le	9.2.2

References

www.gfi.com/support/products/Clickjacking-vulnerability-in-Kerio-Connect-8-and-9-CVE-2017-7440