CVE-2019-7214
Summary
| CVE | CVE-2019-7214 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-24 15:29:00 UTC |
| Updated | 2023-07-11 18:15:00 UTC |
| Description | SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. |
Risk And Classification
Problem Types: CWE-502
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Smartertools | Smartermail | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SmarterTools SmarterMail Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| SmarterMail 6985 Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| www.smartertools.com/smartermail/release-notes/current | CONFIRM | www.smartertools.com | Exploit, Release Notes, Vendor Advisory |
| www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-i... | MISC | www.nccgroup.trust | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.