CVE-2019-7213

{"id": "CVE-2019-7213", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-04-24T15:29:02.013", "references": [{"url": "https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-smartermail/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.smartertools.com/smartermail/release-notes/current", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside the web directories."}, {"lang": "es", "value": "SmarterTools SmarterMail versi\u00f3n 16.x anterior a la compilaci\u00f3n 6985, permite el salto de directorios (directory traversal). Un usuario autenticado podr\u00eda suprimir archivos arbitrarios o podr\u00eda crear archivos en nuevas carpetas en ubicaciones arbitrarias en el servidor de correo. Esto podr\u00eda conllevar a la ejecuci\u00f3n de comandos en el servidor, por ejemplo, al colocar archivos dentro de los directorios web."}], "lastModified": "2019-04-30T16:52:58.293", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:smartertools:smartermail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5220CA4-0116-425B-94DA-4474575FFF21", "versionEndExcluding": "16.3.6985", "versionStartIncluding": "16.0.6345"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}