2 matches found
CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these addition...
CVE-2021-44549
CVE-2021-44549 affects Apache Sling Commons Messaging Mail (Sling Mail) implementations that use SMTPS. The issue arises from the SimpleMailService in Apache Sling Commons Messaging Mail 1.0 which lacked an option to enable mail.smtps.ssl.checkserveridentity by default, leaving SMTPS connections ...