Znuny S/MIME Email Decryption Vulnerability in Communication Log Access

Vulnerability

A vulnerability exists in Znuny versions 6.5.1 prior to 6.5.11, 7.0.1 prior to 7.1.3, and Znuny LTS 6.0. This issue allows users with access to the Communication Log to view the decrypted content of S/MIME encrypted emails, even if they do not have access to the corresponding tickets.

Impact

The vulnerability could lead to unauthorized access to sensitive information contained in S/MIME encrypted emails, allowing users to read decrypted email content that should be protected.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Znuny S/MIME Email Decryption Vulnerability in Communication Log Access

Vulnerability

Impact

Affected Products

Znuny

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating