Horde Groupware Multiple Vulnerabilities Fixed by 5.2.16


Description   Several vulnerabilities have been identified in Horde Groupware:
- several cross-site request forgery vulnerabilities in the portal layout and configuration forms. A remote attacker could exploit them by enticing a victim into opening a malicious link in order to perform certain operations with the victim's privileges.
- an open redirect in the portal layout forms. A remote attacker could exploit it by enticing victims into following a specially crafted link in order to redirect them to a malicious website.
     
Vulnerable Products   Vulnerable Software:
Horde (Horde) - 1.0.3, 1.0.4, 1.0.5, 2.0, 2.0.6, ..., 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9
     
Solution   Version 5.2.16 of Horde Groupware fixes these vulnerabilities.
     
CVE  
     
References   - Horde : Groupware 5.2.16 (final)
https://lists.horde.org/archives/announce/2016/001196.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm: Site with open redirect
Available Since: 4.0.0
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2016-09-06

Target Type   Client

Possible exploit   Remote