Clickjacking Vulnerability in Kerio Connect Product by GFI Software
CVE-2017-7440

6.5MEDIUM

Key Information:

Vendor: Gfi
Status: Kerio Connect
Vendor: CVE Published:; 2 May 2017

What is CVE-2017-7440?

Kerio Connect versions 8.0.0 to 9.2.2 and the Kerio Connect Client for Windows and Mac (9.2.0 to 9.2.2) are susceptible to clickjacking. When the email preview feature is enabled, attackers can exploit this vulnerability by crafting malicious email messages that trick users into revealing sensitive information or executing unintended actions without their consent, potentially leading to unauthorized access.

References

https://www.gfi.com/support/products/Clickjacking-vulnera...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2017
Vulnerability Reserved
Apr 5, 2017

Gfi

What is CVE-2017-7440?

References

CVSS V3.1

Timeline