CVE-2024-51123
Published: 12 February 2025
Description
An issue in Zertificon Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component.
Security Summary
CVE-2024-51123 is an information disclosure vulnerability (CWE-200) affecting Zertificon Z1 SecureMail Gateway version 4.44.2-7240-debian12. The flaw resides in the /compose-pdf.xhtml?convid=[id] component, where a remote attacker can extract sensitive information. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.
Any remote attacker can exploit this vulnerability without authentication by sending crafted requests to the vulnerable endpoint, potentially leaking confidential data such as user or message details. Successful exploitation enables high-impact confidentiality breaches but does not allow integrity modification or denial of service.
Further details, including potential mitigation guidance, are available in the advisory at https://github.com/MVRC-ITSEC/CVEs/blob/main/CVE-2024-51123. Security practitioners should review this source for version-specific patches or workarounds, as the CVE publication from February 12, 2025 gives no additional mitigation information.
Details
- CWE(s)