Kenny Paterson

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway versions prior to 15.0.3 are affected by an issue where an attacker can conceal security tags from users by creating a subject line of excessive length. Recommendations Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description The SEPPmail Secure Email Gateway is susceptible to HTML injection in notifications regarding new CA certificates. An attacker can inject HTML code into these notifications. Recommendations Update to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** The SEPPmail Secure Email Gateway allows an attacker who has gained access to a victim's GINA account to circumvent a second-password verification and access protected email messages. **Recommendations** Update to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys where the User ID (UID) does not correspond to the email address associated with the key. This could potentially lead to misuse of the email system. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway before version 15.0.3 has an issue where an external user can modify GINA webdomain metadata, leading to a bypass of per-domain restrictions. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway versions before 15.0.3 are susceptible to a flaw where an attacker can create a specially crafted password-tag to circumvent subject sanitization. Recommendations Update to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway versions before 15.0.3 are susceptible to a flaw that allows an attacker to manipulate S/MIME signatures, leading to the use of attacker-controlled certificates for future encryption with a victim. This is achieved by adding these certificates to S/MIME signatures. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway versions prior to 15.0.3 are susceptible to a condition that allows attackers to read the contents of emails encrypted for other users by using a specially crafted email address. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway versions before 15.0.3 are susceptible to a bypass of subject sanitization. This allows an attacker to forge security tags by utilizing Unicode lookalike characters. Recommendations Update to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway does not properly authenticate the inner message of S/MIME-encrypted MIME entities, potentially allowing an attacker to control trusted headers. Recommendations Update to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway versions before 15.0.3 are susceptible to an issue that allows an attacker to forge a GINA-encrypted email. Recommendations Update to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway versions prior to 15.0.3 are susceptible to a bypass of subject sanitization. This allows an attacker to forge tags, such as '[signed OK]', within the email subject. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.3 Description SEPPmail Secure Email Gateway versions prior to 15.0.3 are susceptible to account takeover. This is due to a flaw in the GINA account initialization process, which can be exploited to reset victim account passwords. Recommendations Update SEPPmail Secure Email Gateway to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.3 **Description** SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. **Recommendations** Update to version 15.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** The SEPPmail Secure Email Gateway does not properly validate S/MIME certificates for email addresses that contain whitespaces, which can lead to signature spoofing. **Recommendations** Update to version 15.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** The SEPPmail Secure Email Gateway does not properly handle PDF encryption passwords, potentially allowing for operating system command execution. The issue arises from insufficient neutralization of the password. **Recommendations** Update to version 15.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** The GINA web interface does not properly validate attachment filenames within GINA-encrypted emails. This allows an attacker to potentially access files on the gateway. The issue resides in the handling of filenames during the decryption process. The vulnerable component is the GINA web interface. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** The SEPPmail Secure Email Gateway does not correctly handle headers within S/MIME protected MIME entities. This allows an attacker to manipulate trusted headers. The issue involves improper sanitization of headers, potentially leading to control over trusted header values. **Recommendations** Update to SEPPmail Secure Email Gateway version 15.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** SEPPmail Secure Email Gateway versions prior to 15.0.1 have an issue where the software incorrectly interprets email addresses within email headers. This misinterpretation can lead to conflicts with other mail infrastructure, potentially allowing an attacker to forge the email source or decrypt the email content. **Recommendations** Update SEPPmail Secure Email Gateway to version 15.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** SEPPmail Secure Email Gateway versions prior to 15.0.1 **Description** The SEPPmail Secure Email Gateway does not correctly validate the origin of PGP signatures. This allows for signature spoofing, potentially enabling an attacker to forge signatures on email communications. **Recommendations** Update to version 15.0.1 or later.