Michael Menge

Name of the Vulnerable Software and Affected Versions: Ingo H3 versions prior to 1.1.2 Description: The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. Multiple vulnerabilities in the ingo1 package may lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a remote attacker who has passed the authentication procedure. Recommendations: For Ingo H3 versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to filter rules to minimize the risk of exploitation. Avoid using shell metacharacters in the mailbox destination of filter rules until the issue is resolved.