CVE-2021-20501

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.1 through 7.4

Description: The issue allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. This could be exploited to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email.

Recommendations: For IBM i versions 7.1 through 7.4, consider changing the SMTP configuration to prevent sending emails to non-existent local-domain recipients as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.