| Rule General Information | |
|---|---|
| Release Date: | 2022-06-21 |
| Rule Name: | Horde Groupware Webmail Edition Cross Site Request Forgery Vulnerability (CVE-2022-30287) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Horde Webmail is a browser-based email application. Horde Webmail has a cross-site request forgery vulnerability that stems from insufficient verification of the origin of HTTP requests. |
| Impact: | An attacker can launch a cross-site request forgery attack in the context of the affected software. In a successful exploit, arbitrary script transmitted from a user that the software trusts can be executed. |
| Affected OS: | Windows, Others |
| Reference: | https://www.horde.org/apps/webmail https://blog.sonarsource.com/horde-webmail-rce-via-email/ https://lists.debian.org/debian-lts-announce/2022/08/msg00022.html https://vigilance.fr/vulnerability/Horde-Groupware-Webmail-Edition-code-execution-via-Reflection-Injection-39157 |

| Solutions |
|---|
| The vendor has released upgrade patches to fix the vulnerability; please visit: https://www.horde.org/apps/webmail |