CVE-2017-7229

Name of the Vulnerable Software and Affected Versions Vaultive O365 versions prior to 4.5.21

Description The issue affects PGP/MIME encrypted messages processed by the Vaultive O365 frontend. When such messages are injected via IMAP or SMTP, their Content-Type is altered from 'multipart/encrypted' to 'text/plain'. This modification causes most PGP/MIME-capable mail user agents to fail at decrypting the messages properly, resulting in a Denial of Service. A common consequence of this issue is that senders are requested to resend the emails without encryption, potentially leading to Information Disclosure.

Recommendations For versions prior to 4.5.21, update to version 4.5.21 or later to resolve the issue.