Multiple vulnerabilities in SecurEnvoy SecurMail
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2018-7703 CVE-2018-7707 CVE-2018-7705 CVE-2018-7706 CVE-2018-7704 CVE-2018-7702 CVE-2018-7701 |
| CWE-ID | CWE-79 CWE-22 CWE-285 CWE-451 CWE-352 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
SecurEnvoy SecurMail Server applications / Mail servers |
| Vendor | SecurEnvoy |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU11480
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7703
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Cross-site scripting
EUVDB-ID: #VU11481
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7707
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Mitigation
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Path traversal
EUVDB-ID: #VU11482
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7705
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensisitve information on the target system.
The weakness exists in the filename parameter to secupload2/upload.aspx due to path traversal. A remote attacker can gain access to potentially sensitive information.
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Path traversal
EUVDB-ID: #VU11483
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7706
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensisitve information on the target system.
The weakness exists in the option2 parameter in an attachment action to secmail/getmessage.exe due to path traversal. A remote attacker can gain access to potentially sensitive information.
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Improper authorization
EUVDB-ID: #VU11484
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7704
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: Yes
DescriptionThe vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists due to only partially implemented authorization checks. A remote attacker can gain access to potentially sensitive information.
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Spoofing attack
EUVDB-ID: #VU11485
Risk: Low
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7702
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information and modify arbitrary files on the target system.
The weakness exists due to missing authentication and authorization. A remote attacker can spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Cross-site request forgery
EUVDB-ID: #VU11486
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-7701
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists improper authentication. A remote attacker can hijack the authentication of arbitrary users for requests that delete e-mail messages via a delete action in a request to secmail/getmessage.exe or spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe and gain access to potentially sensitive information.
Update to version 9.2.501.
Vulnerable software versionsSecurEnvoy SecurMail: 9.1.501
CPE2.3 External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
