CVE-2022-41871

MEDIUM

SEPPmail <12.1.17 - Command Injection

Title source: llm

Description

SEPPmail through 12.1.17 allows command injection within the Admin Portal. An authenticated attacker is able to execute arbitrary code in the context of the user root.

References (2)

Core 2

Core References

Third Party Advisory

https://code-white.com/public-vulnerability-list/

Product

https://www.seppmail.com/products/

Scores

CVSS v3 6.0

EPSS 0.0090

EPSS Percentile 54.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-78

Status published

Products (1)

seppmail/seppmail < 12.1.17

Published Apr 28, 2025

Tracked Since Feb 18, 2026