Lucene search

MitreCVE-2019-7213

HistoryApr 24, 2019 - 3:29 p.m.

CVE-2019-7213

2019-04-2415:29:02

CWE-22

mitre

web.nvd.nist.gov

smartermail

build 6985

directory traversal

vulnerability

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.

Affected configurations

Nvd

Node

smartertoolssmartermailRange16.0.6345–16.3.6985

VendorProductVersionCPE
smartertoolssmartermail*cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
smartertools	smartermail	*	cpe:2.3:a:smartertools:smartermail::::::::

References

www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/

www.smartertools.com/smartermail/release-notes/current

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

26.5%

JSON

Related for CVE-2019-7213