SmarterTools SmarterMail 16.x before build 6985 allows...
Critical severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jul 11, 2023
Description
Published by the National Vulnerability Database
Apr 24, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jul 11, 2023
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
References