NVD

Id
85479  
Name
CVE-2017-7229  
Description
PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol=application/pgp-encrypted; boundary=abc123abc123' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:P)  
Pub Date
2017-05-27  
Published
2017-05-03  
Modified Date
2017-05-16  
Seq
2017-7229  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67605 JVNDB-2017-003902 Vaultive Office 365 Security における暗号強度に関する脆弱性 Vaultive Office 365 Security には、暗号強度に関する脆弱性が存在します。 CVE-2017-7229 0 CVE-2017-7229 85479 6.4 9.1 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-003902.html 2017-05-04 2017-06-09 View