CVE-2018-7705

Name of the Vulnerable Software and Affected Versions: SecurEnvoy SecurMail versions prior to 9.2.501

Description: The issue allows remote authenticated users to read e-mail messages to arbitrary recipients. This is achieved by using a .. (dot dot) in the filename parameter to the "secupload2/upload.aspx" API endpoint.

Recommendations: For versions prior to 9.2.501, update to version 9.2.501 or later to resolve the issue. As a temporary workaround, consider restricting access to the "secupload2/upload.aspx" endpoint or validating the filename parameter to prevent directory traversal attacks.