Seppmail
CVE-2022-41871
MEDIUM
Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.
AnalysisAI
SEPPmail through 12.1.17 allows command injection within the Admin Portal. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root. Affected products include: Seppmail. Version information: through 12.1.17.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
Remote code execution in SeppMail secure email gateway versions 15.0.2.1 and earlier allows unauthenticated attackers to
Command injection in SEPPmail Secure Email Gateway before 15.0.1 via PDF encryption password.
SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME message headers, enabling attacker
Improper filename validation in SEPPmail Secure Email Gateway's GINA web interface (versions before 15.0.1) enables unau
SEPPmail Secure Email Gateway versions prior to 15.0.1 fail to properly isolate decrypted PGP message content from surro
SEPPmail Secure Email Gateway versions before 15.0.1 misinterpret email addresses in message headers, enabling attackers
SEPPmail Secure Email Gateway versions before 15.0.1 fail to properly validate S/MIME certificates with whitespace chara
Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).
Seppmail versions up to 15.0.1 is affected by improper verification of cryptographic signature (CVSS 5.3).
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today