How severe is CVE-2017-7414?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2017-7414?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2017-7414 - HIGH Severity | CVSS 7.5

Vulnerability Description

In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it.

Related Vulnerabilities

CVE-2016-0634

HIGH

CVSS:7.5(High)

The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.

CWE-782016

CVE-2016-2876

HIGH

CVSS:7.5(High)

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access ...

CWE-782016

CVE-2016-6631

HIGH

CVSS:7.5(High)

An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user...

CWE-782016

CVE-2018-10987

HIGH

CVSS:7.5(High)

An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a speciall...

CWE-782018

CVE-2018-1238

HIGH

CVSS:7.5(High)

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses sh...

CWE-782018

CVE-2018-16089

HIGH

CVSS:7.5(High)

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as ...

CWE-782018