CVE-2020-12714

Name of the Vulnerable Software and Affected Versions CipherMail Community Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 CipherMail Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 CipherMail Webmail Messenger Virtual Appliances versions 1.1.1 through 3.1.1-0

Description An issue was discovered in CipherMail products where a Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients.

Recommendations For CipherMail Community Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0, update to a version with a secure Diffie-Hellman parameter size. For CipherMail Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0, update to a version with a secure Diffie-Hellman parameter size. For CipherMail Webmail Messenger Virtual Appliances versions 1.1.1 through 3.1.1-0, update to a version with a secure Diffie-Hellman parameter size. As a temporary workaround, consider restricting access to external SMTP clients until a secure version is available.