Ubiquiti · Unifi Controller · CVE-2019-5456
**Name of the Vulnerable Software and Affected Versions**
UniFi Controller versions prior to 5.10.22
**Description**
A malicious actor can set up an SMTP proxy server between the UniFi Controller and the actual SMTP server to record SMTP credentials for later malicious use.
**Recommendations**
For versions prior to 5.10.22, update to version 5.10.22 or later to resolve the issue.