SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
References
Link | Resource |
---|---|
https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ | Third Party Advisory |
https://www.smartertools.com/smartermail/release-notes/current | Exploit Release Notes Vendor Advisory |
Configurations
History
No history.
Information
Published : 2019-04-24 15:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-7212
Mitre link : CVE-2019-7212
CVE.ORG link : CVE-2019-7212
JSON object : View
Products Affected
smartertools
- smartermail
CWE
CWE-798
Use of Hard-coded Credentials