VDB
CVE-2024-42009
CVE-2024-42009
PUBLISHED
KEV
CVSS 9.300000190734863 CRITICAL
Roundcube ist ein Open-Source Webmailsystem, basierend auf PHP.
EPSS 90.48% · 99.6th percentile
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
90.48%
99.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | SUSE openSUSE | |
| Open Source | Open Source Roundcube Webmail <1.5.8 | |
| Open Source | Open Source Roundcube Webmail <1.6.8 | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux |
Timeline
- Aug 4, 2024 CVE Published
- Aug 6, 2024 EPSS Score
- Sep 7, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Jan 20, 2025 PoC Published
- Feb 14, 2025 EPSS Score
- Mar 13, 2025 Coalition ESS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1754.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1754 advisory
- https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-2e908e829a advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2024-b60eb661a4 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1b8e0ad5c2 advisory
- https://lists.debian.org/debian-security-announce/2024/msg00154.html advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Q5GOCYS6W7WGAIH6NILISNVXQC4O7Z53/ advisory
- https://github.com/0xbassiouny1337/CVE-2024-42009/tree/main advisory
- https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/ advisory
- https://github.com/rpgsec/Roundcube-CVE-2024-42008-POC exploit
- https://ubuntu.com/security/notices/USN-7636-1 advisory
- https://ubuntu.com/security/notices/USN-8223-1 advisory