CVE-2021-38373: Command Injection
First published: Tue Aug 10 2021(Updated: )
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE KMail | =19.12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-38373.
What is the title of this vulnerability?
The title of this vulnerability is "In KDE KMail 19.12.3 (aka 5.13.3) the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless 'Server requires authentication' is checked."
What is the severity rating of CVE-2021-38373?
The severity rating of CVE-2021-38373 is medium with a value of 5.3.
How does CVE-2021-38373 affect KDE KMail?
CVE-2021-38373 affects KDE KMail version 19.12.3 (aka 5.13.3).
How can I fix the vulnerability CVE-2021-38373?
To fix the vulnerability CVE-2021-38373, ensure that the "Server requires authentication" option is checked in KDE KMail settings.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/kde
- canonical/kde kmail
- version/kde kmail/19.12.3