CVE-2014-9587

{"id": "CVE-2014-9587", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-01-15T15:59:21.547", "references": [{"url": "http://roundcube.net/news/2014/12/18/update-1.0.4-released/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/11/3", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/71909", "source": "cve@mitre.org"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=534766", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179780", "source": "cve@mitre.org"}, {"url": "http://roundcube.net/news/2014/12/18/update-1.0.4-released/", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/01/11/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/71909", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.gentoo.org/show_bug.cgi?id=534766", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179780", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en Roundcube Webmail anterior a 1.0.4 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores no especificadas, relacionado con (1) operaciones del libro de direcciones o los plugins (2) ACL o (3) Managesieve."}], "lastModified": "2024-11-21T02:21:11.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0BC22E0-32B4-493F-8514-34991AED0862", "versionEndIncluding": "1.0.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}