KDE KMail Vulnerability in Send Later Feature
CVE-2017-9604

7.5HIGH

Key Information:

Vendor: Kde
Status: Kmail; Messagelib
Vendor: CVE Published:; 13 June 2017

What is CVE-2017-9604?

KDE KMail and messagelib versions before 5.5.2 do not adequately secure the sign/encrypt action during the use of the Send Later feature. This oversight enables remote attackers to potentially intercept sensitive information transmitted over the network, compromising user confidentiality. Users are urged to update to the latest versions to mitigate risks associated with this vulnerability.

References

https://commits.kde.org/messagelib/c54706e990bbd6498e7b15...

x_refsource_CONFIRM

https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 13, 2017

CVE-2017-9604 Data

JSON

Kde

What is CVE-2017-9604?

References

CVSS V3.1

Timeline