SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
References
Link | Resource |
---|---|
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ | Third Party Advisory |
https://www.smartertools.com/smartermail/release-notes/current | Exploit Release Notes Vendor Advisory |
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ | Third Party Advisory |
https://www.smartertools.com/smartermail/release-notes/current | Exploit Release Notes Vendor Advisory |
Configurations
History
21 Nov 2024, 04:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ - Third Party Advisory | |
References | () https://www.smartertools.com/smartermail/release-notes/current - Exploit, Release Notes, Vendor Advisory |
Information
Published : 2019-04-24 15:29
Updated : 2024-11-21 04:47
NVD link : CVE-2019-7212
Mitre link : CVE-2019-7212
CVE.ORG link : CVE-2019-7212
JSON object : View
Products Affected
smartertools
- smartermail
CWE
CWE-798
Use of Hard-coded Credentials