SecurityGateway Patch Bulletin – SG220308
Fix to private product details vulnerabilities
Published March 8, 2022
An information disclosure vulnerability in SecurityGateway™ was recently reported by Swascan SRL. This vulnerability may impact all versions of the software back to version 2.1.0.
To address this issue, the development team at MDaemon Technologies has released patches for affected versions of SecurityGateway software.
For specific information, see the Affected Software Section below.
Recommendation: For SecurityGateway installations, MDaemon Technologies recommends that administrators download and install the appropriate update listed below.
Known Issues: There are no known issues that customers may experience when installing this patch.
The following versions of SecurityGateway have been tested and determined affected. Please download the file version AND language based upon your current installation.
For versions 6.0.0 - 8.5.0, download the correct installer and run it.
For versions 2.1.0 - 5.5.0, download the correct ZIP file and extract it to \SecurityGateway\App.
SecurityGateway 5.5.x (32 bit, all languages)
SecurityGateway 5.5.0 (32 bit)
SecurityGateway 5.0.x (32 bit, all languages)
SecurityGateway 5.0.1 (32 bit)
SecurityGateway 4.5.x (32 bit, all languages)
SecurityGateway 4.5.1 (32 bit)
SecurityGateway 3.0.x (32 bit, all languages)
SecurityGateway 3.0.3 (32 bit)
SecurityGateway 2.1.x (32 bit, all languages)
SecurityGateway 2.1.2 (32 bit)
Frequently Asked Questions (FAQ) Related to This Update
What is the impact?
This vulnerability may impact administrators of SecurityGateway for Email Servers.
What versions of SecurityGateway are affected?
Version 2.1.0 through version 8.5.0 are affected (current supported versions are 6.0.0 through 8.5.0; unsupported versions are 2.1.0 through 5.5.x). All SecurityGateway administrators of these versions are encouraged to upgrade to the latest version to ensure they have the latest patches and security updates.
What do I need to do in order to resolve this issue?
Simply download and install the appropriate patch listed in the Affected Software section of this update. There is no requirement to renew your license to obtain the fix. Additional questions can be communicated using the website Chat feature or by contacting MDaemon Technologies Support.