[CYBERSECURITY ADVISORY] - Roundcube vulnerability affecting Dualog Business Mail and Crew Mail

Zero-day Vulnerability found in Roundcube Webmail servers

On the 11th of October 2023, ESET discovered that a zero-day XSS vulnerability in the Roundcube Webmail server was being exploited. Dualog currently uses Roundcube for our webmail service for Business Mail and Crew Mail. In response, Dualog has released an upgraded version of Connection Suite which incorporates the latest security updates released by Roundcube to address the vulnerability. Additionally, our security team has implemented targeted changes to MailDefence to monitor messages that may exploit this vulnerability.

Recommended Action

To keep your fleet secure, we strongly recommend upgrading your version of Connection Suite as soon as possible. The latest version can be downloaded here.

If you require any assistance upgrading, you may refer to this article or reach out to Dualog Support at support@dualog.com.



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.