NVD

Id
85508  
Name
CVE-2017-8114  
Description
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2017-04-29  
Modified Date
2017-07-10  
Seq
2017-8114  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67342 JVNDB-2017-003654 Roundcube Webmail における認可・権限・アクセス制御に関する脆弱性 Roundcube Webmail には、認可・権限・アクセス制御に関する脆弱性が存在します。 CVE-2017-8114 0 CVE-2017-8114 85508 6.5 8.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-003654.html 2017-04-28 2017-06-02 View