Skip to main content

Smartermail CVE-2019-7214

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2019-04-24 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 24, 2019 - 15:29 nvd
CRITICAL 9.8

DescriptionNVD

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.

AnalysisAI

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch. Affected products include: Smartertools Smartermail.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

CVE-2026-23760 CRITICAL POC
9.8 Jan 22

SmarterTools SmarterMail prior to build 9511 contains a critical authentication bypass in the password reset API (CVE-20

CVE-2026-24423 CRITICAL POC
9.8 Jan 23

SmarterTools SmarterMail prior to build 9511 contains a second critical vulnerability (CVE-2026-24423) — an unauthentica

CVE-2019-7212 HIGH POC
8.2 Apr 24

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. Rated high severity (CVSS 8.2), this vulnerab

CVE-2021-32234 CRITICAL
9.8 Nov 17

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. Rated critical severity (CVS

CVE-2023-48116 MEDIUM POC
5.4 Dec 21

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appoint

CVE-2023-48115 MEDIUM POC
5.4 Dec 21

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skip

CVE-2023-48114 MEDIUM POC
5.4 Dec 21

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG docu

CVE-2026-7807 HIGH
8.7 May 08

Authenticated attackers can read arbitrary JSON files from SmarterMail servers prior to build 9560 through a path traver

CVE-2012-2578 MEDIUM POC
4.3 Sep 19

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web sc

CVE-2019-7213 MEDIUM
6.5 Apr 24

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. Rated medium severity (CVSS 6.5), this vulne

CVE-2021-43977 MEDIUM
6.1 Nov 17

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. Rated medium severity (CVSS 6.1), this vulnera

CVE-2021-32233 MEDIUM
6.1 Jul 06

SmarterTools SmarterMail before Build 7776 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely

Share

CVE-2019-7214 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy