PT-2019-18466 · Smartertools · Smartermail
Published 2019-04-24 · Updated 2023-07-11
CVE-2019-7214
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SmarterTools SmarterMail versions prior to build 6985
Description
The issue allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server if port 17001 is remotely accessible. After the Build 6985 patch is applied, this port is no longer remotely accessible by default.
Recommendations
For versions prior to build 6985, apply the Build 6985 patch to fix the issue. As a temporary workaround, consider restricting access to port 17001 to minimize the risk of exploitation.
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Smartermail