• Introduction
  • FAQ
Open-Source Security Intelligence

Know every vulnerability
before it knows you.

DevGuard continuously monitors your dependencies and alerts you when CVEs like this one affect your stack — with real-time threat intelligence built for developers.

Checkout DevGuardView on GitHub
Search

CVE-2022-30287

HighCVSS 8 / 10
Published Jul 28, 2022·Last modified Apr 10, 2026
Affected Components(2177)
horde/horde
horde_token-1.1.6
horde/horde
horde_db-1.1.2
horde/horde
horde_test-1.3.0
1 / 726
Description

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

Risk Scores
Base Score
8.0

The vulnerability can be exploited over the network without needing physical access. It is easy for an attacker to exploit this vulnerability. An attacker needs basic access or low-level privileges. The attacker needs the user to perform some action, like clicking a link. The impact is confined to the system where the vulnerability exists. There is a high impact on the confidentiality of the information. There is a high impact on the integrity of the data. There is a high impact on the availability of the system.

Threat Intelligence
7.3

Exploitation activity has been observed. Apply available patches or mitigations urgently.

EPSS
70.28%

The exploit probability is very high. The vulnerability is very likely to be exploited in the next 30 days.

Exploit
Not available

We did not find any exploit available. Neither in GitHub repositories nor in the Exploit-Database.

Browse More

High severity2022 vulnerabilities
Scan your project

Continuously monitor your dependencies and get alerted when vulnerabilities like this one affect your stack.

Checkout DevGuard