Smartermail Security Vulnerabilities and Issues — Smartermail CVE List

Lucene search

SmartertoolsSmartermail

4 matches found

CVE•added 2019/04/24 3:29 p.m.•114 views

CVE-2019-7214

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

10CVSS9.5AI score0.82904EPSS

CVE•added 2019/04/24 3:29 p.m.•34 views

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.

8.2CVSS8.1AI score0.00571EPSS

CVE•added 2019/04/24 3:29 p.m.•29 views

CVE-2019-7211

SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.

6.1CVSS6.3AI score0.00359EPSS

CVE•added 2019/04/24 3:29 p.m.•28 views

CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the ...

6.5CVSS6.6AI score0.1338EPSS