Smartertools: >> Smartermail >> 16.3.6705 Security Vulnerabilities
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
CVSS Score
9.8
EPSS Score
0.826
Published
2019-04-24
SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious email or when viewing a malicious file attachment.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-04-24
SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists.
CVSS Score
8.2
EPSS Score
0.005
Published
2019-04-24
Page 2