Vulnerability Description
SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smartertools | Smartermail | >= 16.0.6345, < 16.3.6985 |
Related Weaknesses (CWE)
References
- https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
- https://www.smartertools.com/smartermail/release-notes/currentRelease NotesVendor Advisory
- https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabiThird Party Advisory
- https://www.smartertools.com/smartermail/release-notes/currentRelease NotesVendor Advisory
FAQ
What is CVE-2019-7213?
CVE-2019-7213 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail s...
How severe is CVE-2019-7213?
CVE-2019-7213 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-7213?
Check the references section above for vendor advisories and patch information. Affected products include: Smartertools Smartermail.