6.8

CVE-2009-4077

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.

Data is provided by the National Vulnerability Database (NVD)
RoundcubeWebmail Version <= 0.2.2
RoundcubeWebmail Version0.1
RoundcubeWebmail Version0.1 Update20050811
RoundcubeWebmail Version0.1 Update20050820
RoundcubeWebmail Version0.1 Update20051007
RoundcubeWebmail Version0.1 Update20051021
RoundcubeWebmail Version0.1 Updatealpha
RoundcubeWebmail Version0.1 Updatebeta
RoundcubeWebmail Version0.1 Updatebeta2
RoundcubeWebmail Version0.1 Updaterc1
RoundcubeWebmail Version0.1 Updaterc2
RoundcubeWebmail Version0.1 Updatestable
RoundcubeWebmail Version0.1.1
RoundcubeWebmail Version0.2
RoundcubeWebmail Version0.2 Updatealpha
RoundcubeWebmail Version0.2 Updatebeta
RoundcubeWebmail Version0.2 Updatestable
RoundcubeWebmail Version0.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.21% 0.407
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.