Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
The attacker exploits a path traversal vulnerability (CWE-22) during file upload through the LFT function, allowing the file to be placed outside the intended target directory. Combined with the ability to upload arbitrary files (CWE-434 — Unrestricted Upload of File with Dangerous Type), this results in the possibility of writing a malicious executable file anywhere on the server's file system. The attack requires no authentication or user interaction, and can be executed remotely over the network.
An attacker can gain full control over the SeppMail server through remote code execution (RCE), threatening the confidentiality, integrity, and availability of both the system itself and related systems.
Update SeppMail to a version newer than 15.0.2.1. Detailed information about the patch is available in the vendor's release notes at: https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html
SeppMail versions 15.0.2.1 and earlier
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:XSeppmail
APPSeppmail≤ 15.0.2.1
Related vulnerabilities
SEPPmail Secure Email Gateway — path traversal w interfejsie GINA
Command injection w SEPPmail Secure Email Gateway poprzez hasło szyfrowania PDF
SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email header...
SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protect...
SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email ...