Unrated severityNVD Advisory· Published Jan 15, 2015· Updated May 6, 2026

CVE-2014-9587

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.

Affected products

Roundcube/Webmail
cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
Range: <=1.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

roundcube.net/news/2014/12/18/update-1.0.4-released/nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2015/01/11/3nvd
www.securityfocus.com/bid/71909nvd
bugs.gentoo.org/show_bug.cginvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000