CVE-2017-16651 — Roundcube Webmail File Disclosure Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

> AFFECTED SOFTWARE

Field	Value
Vendor	Roundcube
Product	Roundcube Webmail
CWE	CWE-552
CVE ID	CVE-2017-16651
Date Added	2021-11-03
Due Date	2022-05-03
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-03

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2017-16651