Vulnerability Details CVE-2017-7413
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.168
EPSS Ranking 94.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2017-7413
-
cpe:2.3:a:horde:groupware:1.0
-
cpe:2.3:a:horde:groupware:1.0.1
-
cpe:2.3:a:horde:groupware:1.0.2
-
cpe:2.3:a:horde:groupware:1.0.3
-
cpe:2.3:a:horde:groupware:1.0.4
-
cpe:2.3:a:horde:groupware:1.0.5
-
cpe:2.3:a:horde:groupware:1.0.6
-
cpe:2.3:a:horde:groupware:1.0.7
-
cpe:2.3:a:horde:groupware:1.0.8
-
cpe:2.3:a:horde:groupware:1.1
-
cpe:2.3:a:horde:groupware:1.1.1
-
cpe:2.3:a:horde:groupware:1.1.2
-
cpe:2.3:a:horde:groupware:1.1.3
-
cpe:2.3:a:horde:groupware:1.1.4
-
cpe:2.3:a:horde:groupware:1.1.5
-
cpe:2.3:a:horde:groupware:1.1.6
-
cpe:2.3:a:horde:groupware:1.2
-
cpe:2.3:a:horde:groupware:1.2.1
-
cpe:2.3:a:horde:groupware:1.2.10
-
cpe:2.3:a:horde:groupware:1.2.2
-
cpe:2.3:a:horde:groupware:1.2.3
-
cpe:2.3:a:horde:groupware:1.2.4
-
cpe:2.3:a:horde:groupware:1.2.5
-
cpe:2.3:a:horde:groupware:1.2.6
-
cpe:2.3:a:horde:groupware:1.2.7
-
cpe:2.3:a:horde:groupware:1.2.8
-
cpe:2.3:a:horde:groupware:1.2.9
-
cpe:2.3:a:horde:groupware:4.0
-
cpe:2.3:a:horde:groupware:4.0.1
-
cpe:2.3:a:horde:groupware:4.0.2
-
cpe:2.3:a:horde:groupware:4.0.3
-
cpe:2.3:a:horde:groupware:4.0.4
-
cpe:2.3:a:horde:groupware:4.0.5
-
cpe:2.3:a:horde:groupware:4.0.6
-
cpe:2.3:a:horde:groupware:4.0.7
-
cpe:2.3:a:horde:groupware:4.0.8
-
cpe:2.3:a:horde:groupware:5.0.0
-
cpe:2.3:a:horde:groupware:5.0.1
-
cpe:2.3:a:horde:groupware:5.0.2
-
cpe:2.3:a:horde:groupware:5.0.3
-
cpe:2.3:a:horde:groupware:5.0.4
-
cpe:2.3:a:horde:groupware:5.0.5
-
cpe:2.3:a:horde:groupware:5.1.0
-
cpe:2.3:a:horde:groupware:5.1.1
-
cpe:2.3:a:horde:groupware:5.1.2
-
cpe:2.3:a:horde:groupware:5.1.3
-
cpe:2.3:a:horde:groupware:5.1.4
-
cpe:2.3:a:horde:groupware:5.1.5
-
cpe:2.3:a:horde:groupware:5.2.0
-
cpe:2.3:a:horde:groupware:5.2.1
-
cpe:2.3:a:horde:groupware:5.2.10
-
cpe:2.3:a:horde:groupware:5.2.11
-
cpe:2.3:a:horde:groupware:5.2.12
-
cpe:2.3:a:horde:groupware:5.2.13
-
cpe:2.3:a:horde:groupware:5.2.14
-
cpe:2.3:a:horde:groupware:5.2.15
-
cpe:2.3:a:horde:groupware:5.2.16
-
cpe:2.3:a:horde:groupware:5.2.17
-
cpe:2.3:a:horde:groupware:5.2.2
-
cpe:2.3:a:horde:groupware:5.2.3
-
cpe:2.3:a:horde:groupware:5.2.4
-
cpe:2.3:a:horde:groupware:5.2.5
-
cpe:2.3:a:horde:groupware:5.2.6
-
cpe:2.3:a:horde:groupware:5.2.7
-
cpe:2.3:a:horde:groupware:5.2.8
-
cpe:2.3:a:horde:groupware:5.2.9