CVE-2016-7967

{"id": "CVE-2016-7967", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2016-12-23T22:59:00.267", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/10/05/1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/93360", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.kde.org/info/security/advisory-20161006-2.txt", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled."}, {"lang": "es", "value": "KMail desde la versi\u00f3n 5.3.0 como se utiliza en un visor basado en QWebEngine que ten\u00eda habilitado JavaScript. Dado que el html generado es ejecutado en el contexto de seguridad de archivos local mediante el acceso predeterminado a URLs remotas y locales estaba habilitado."}], "lastModified": "2016-12-27T18:42:57.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8CD81D6-8EB0-4579-9328-5D8811BDBFAF", "versionEndIncluding": "5.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}