How severe is CVE-2017-7229?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2017-7229?

This is classified as CWE-326, which is a common weakness in software security.

CVE-2017-7229 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure).

Related Vulnerabilities

CVE-2016-9121

CRITICAL

CVSS:9.1(Critical)

go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pub...

CWE-3262016

CVE-2017-14090

CRITICAL

CVSS:9.1(Critical)

A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted.

CWE-3262017

CVE-2020-26197

CRITICAL

CVSS:9.1(Critical)

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inability to connect over TLSv1.2 vulnerability. It may make it easier to eavesdrop and decrypt such traffic for a malicious actor. Note: ...

CWE-3262020

CVE-2023-27987

CRITICAL

CVSS:9.1(Critical)

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should...

CWE-3262023

CVE-2016-2379

HIGH

CVSS:8.8(High)

The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain logi...

CWE-3262016

CVE-2017-1701

HIGH

CVSS:8.8(High)

IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, and 6.0.5 stores credentials for users using a weak encryption algorithm, which could allow an authenticated user to obtain h...

CWE-3262017