PT-2017-17737 · Kerio · Kerio Connect Client
Published: 2017-05-02 · Updated: 2024-01-26 · CVE-2017-7440
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Kerio Connect versions 8.0.0 through 9.2.2
Kerio Connect Client desktop application for Windows and Mac versions 9.2.0 through 9.2.2
Description
The issue allows remote attackers to conduct clickjacking attacks via a crafted e-mail message when e-mail preview is enabled.
Recommendations
For Kerio Connect versions 8.0.0 through 9.2.2, consider disabling e-mail preview to prevent clickjacking attacks.
For Kerio Connect Client desktop application for Windows and Mac versions 9.2.0 through 9.2.2, consider disabling e-mail preview to prevent clickjacking attacks.
Fix
Clickjacking
Weakness Enumeration
Related Identifiers
Affected Products
Kerio Connect
Kerio Connect Client
Mac
Windows