| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Horde IMP 6.1.7 and classified as problematic. Impacted is an unknown function of the component Mailbox/Message View. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2014-4945. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
Details
A vulnerability, which was classified as problematic, has been found in Horde IMP 6.1.7 (Groupware Software). This issue affects an unknown part of the component Mailbox/Message View. The manipulation with an unknown input leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity.
The weakness was shared 07/07/2014 as Horde Groupware Webmail Edition 5.1.5 (final) as confirmed posting (Mailing List). It is possible to read the advisory at lists.horde.org. The identification of this vulnerability is CVE-2014-4945 since 07/14/2014. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
It is declared as highly functional.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (94952), SecurityFocus (BID 68696†) and Secunia (SA59770†). The entries VDB-66982, VDB-67260 and VDB-65953 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Affected
- Horde Groupware Webmail Edition 5.1.4
- Horde Internet Mail Program 6.1.7
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.horde.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Highly functional
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
07/07/2014 🔍07/11/2014 🔍
07/14/2014 🔍
07/14/2014 🔍
07/14/2014 🔍
07/31/2014 🔍
02/10/2022 🔍
Sources
Vendor: horde.orgAdvisory: Horde Groupware Webmail Edition 5.1.5 (final)
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-4945 (🔍)
GCVE (CVE): GCVE-0-2014-4945
GCVE (VulDB): GCVE-100-67259
X-Force: 94952 - Horde Groupware Webmail Edition and Horde Internet Mail Program (IMP) mutiple cross-site scripting, Medium Risk
SecurityFocus: 68696 - Horde IMP CVE-2014-4945 Multiple Cross Site Scripting Vulnerabilities
Secunia: 59770 - Horde Groupware Webmail Edition Security Issue and Multiple Vulnerabilities, Moderately Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 07/31/2014 14:37Updated: 02/10/2022 02:49
Changes: 07/31/2014 14:37 (62), 04/19/2019 10:01 (3), 02/10/2022 02:49 (3)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.