Home > Vulnerability Database > CVE-2021-38373

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2021-38373

Date: August 10, 2021

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Severity Score

5.3

Related Resources (7)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-38373

Url: https://access.redhat.com/security/cve/CVE-2021-38373

Url: https://nostarttls.secvuln.info

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-38373

Url: https://security-tracker.debian.org/tracker/CVE-2021-38373

Url: https://bugs.kde.org/show_bug.cgi?id=423423

Url: https://www.mend.io/vulnerability-database/CVE-2021-38373

Severity Score

5.3

Weakness Type (CWE)

Command Injection

CWE-77

Cleartext Transmission of Sensitive Information

CWE-319

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us