Vulnerability CVE-2019-7214


Published: 2019-04-24

Description:
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

See advisories in our WLB2 database:
Topic: [High] SmarterMail 6985 Remote Code Execution
Author: Soroush Dalili
Date: 11.12.2020

Type: CWE-824 (Access of Uninitialized Pointer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/
https://www.smartertools.com/smartermail/release-notes/current

Copyright 2024, cxsecurity.com

 
