CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-7214

CVSS 9.8v3.0pub. 2019-04-24upd. 2024-11-21

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Smartertools Smartermail

    APP
    Smartertools
    16.0.6345 – 16.3.6985 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth BypassDeserialization
CWE
References

Related vulnerabilities

CVE-2026-24423CRITICAL9.3⚠ KEVPL ✓ten sam produkt

SmarterMail – nieuwierzytelnione RCE przez ConnectToHub API

CVE-2026-23760CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w API resetowania hasła SmarterMail

CVE-2025-52691CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Nieautoryzowany upload plików i RCE w SmarterMail (SmarterTools)

CVE-2021-32234CRITICAL9.8ten sam produkt

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.

CVE-2026-7807HIGH8.7ten sam produkt

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/repo...