Hardcoded Secret Keys in SmarterMail by SmarterTools
CVE-2019-7212

8.2HIGH

Key Information:

Vendor: Smartertools
Status: Smartermail
Vendor: CVE Published:; 24 April 2019

🔔 Create Smartertools Vulnerability Alert

What is CVE-2019-7212?

SmarterTools' SmarterMail prior to build 6985 is affected by a significant security flaw involving hardcoded secret keys, which exposes user data to unauthorized access. An attacker, without authentication, can exploit this vulnerability to gain access to sensitive emails and file attachments from other users, compromising the integrity and confidentiality of user communications. Additionally, this vulnerability permits interaction with mailing lists, further increasing the risk of unauthorized information exposure. Users of affected versions are advised to implement necessary security measures promptly.

References

https://www.smartertools.com/smartermail/release-notes/cu...

x_refsource_CONFIRM

https://www.nccgroup.trust/uk/our-research/technical-advi...

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2019
Vulnerability Reserved
Jan 29, 2019