CVE-2022-30287
First published: Thu Jul 28 2022(Updated: )
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horde Groupware Webmail Edition | <=5.2.22 | |
| Debian GNU/Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2022-30287.
What is the title of this vulnerability?
The title of this vulnerability is Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack.
What is the severity level of CVE-2022-30287?
The severity level of CVE-2022-30287 is high.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by performing a reflection injection attack to instantiate a driver class, which leads to arbitrary deserialization of PHP objects.
How can I fix CVE-2022-30287?
To fix CVE-2022-30287, it is recommended to update Horde Groupware Webmail Edition to a version beyond 5.2.22.
- agent/weakness
- agent/type
- agent/references
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/horde
- canonical/horde groupware webmail edition
- version/horde groupware webmail edition/5.2.22
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0