CVE-2021-44026

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-44026
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://bugs.debian.org/1000156 Mailing List Patch
https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 Patch
https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa Patch
https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ Mailing List Release Notes
https://www.debian.org/security/2021/dsa-5013 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
History

27 Jun 2024, 19:15

Type Values Removed Values Added
References () https://bugs.debian.org/1000156 - Mailing List, Third Party Advisory () https://bugs.debian.org/1000156 - Mailing List, Patch
References () https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 - Patch, Third Party Advisory () https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 - Patch
References () https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa - Patch, Third Party Advisory () https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa - Patch
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ - Mailing List, Release Notes
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ - Mailing List, Release Notes

07 Nov 2023, 03:39

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/', 'name': 'FEDORA-2021-43d3c10590', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/', 'name': 'FEDORA-2021-167865df98', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDVGIZMQJ5IOM47Y3SAAJRN5VPANKTKO/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TP3Y5RXTUUOUODNG7HFEKWYNIPIT2NL4/ -
Information

Published : 2021-11-19 04:15

Updated : 2024-06-27 19:15

NVD link : CVE-2021-44026

Mitre link : CVE-2021-44026

CVE.ORG link : CVE-2021-44026

JSON object : View

Products Affected

roundcube

  • webmail

debian

  • debian_linux

fedoraproject

  • fedora
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024