Overview

This article addresses a critical vulnerability in the GFI Archiver software, specifically relating to an outdated component, Telerik.Web.UI.DLL, in version 15.6. The affected DLL version is 2013.1.417, which has not been updated to mitigate the known vulnerabilities listed under CVE-2019-1893. This poses a significant security risk as the current configuration allows remote internet access to the mail archiver, exposing users’ archived emails.

Recommended Solution

Until an update is available, it is recommended to restrict public internet access to the GFI Archiver. Instead, Use the Outlook Connector to enable secure access to archived emails. This method provides a safer alternative to direct internet exposure of the Archiver.

Future Updates

We are committed to resolving this vulnerability in an upcoming release of GFI Archiver. While there is currently no estimated time of arrival for this update, customers are encouraged to regularly check our Product Releases page. This resource will provide information on forthcoming updates and detail the specific issues addressed in each release.

Stay Informed

For the latest updates and best practices for securing your GFI Archiver installation, please visit our Product Releases page. Subscribe to our notification service to receive updates directly via email.