Published security vulnerabilities

CVE ID: CVE-2023-29476

Product: On-Premise Appliance
Affected versions: < 2.88
Fixed in 2.88.2+, 2.89.1+, 2.90.1+
Description: "Web policy may not be consistently applied properly to intentionally malformed client requests”
Reported by: Government Technology Agency of Singapore (GovTech)

CVE ID: CVE-2022-24974

Product: Email Isolation On-Premise
Affected versions: 2.81.1 – 2.81.8
Fixed in 2.81.9+
Description: “Links may not be rewritten according to policy in some specially formatted emails.”
Reported by: Anonymous