CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
Configurations

Configuration 1 (hide)

cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ - Third Party Advisory () https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/ - Third Party Advisory
References () https://www.smartertools.com/smartermail/release-notes/current - Exploit, Release Notes, Vendor Advisory () https://www.smartertools.com/smartermail/release-notes/current - Exploit, Release Notes, Vendor Advisory

Information

Published : 2019-04-24 15:29

Updated : 2024-11-21 04:47


NVD link : CVE-2019-7212

Mitre link : CVE-2019-7212

CVE.ORG link : CVE-2019-7212


JSON object : View

Products Affected

smartertools

  • smartermail
CWE
CWE-798

Use of Hard-coded Credentials