CVE-2021-33515

Updated: 2023-11-07 19:42:55.09168

Description:

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| 2.x | MEDIUM | 5.8 |
| 3.x | MEDIUM | 4.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | dovecot | 2.0.9 | 4.8 | MEDIUM | Ignored | | 2021-11-02 14:03:16 |
| CentOS 8.4 ELS | dovecot | 2.3.8 | 4.8 | MEDIUM | Released | CLSA-2022:1653506138 | 2022-05-25 16:27:17 |
| CentOS 8.5 ELS | dovecot | 2.3.8 | 4.8 | MEDIUM | Released | CLSA-2022:1653506545 | 2022-05-25 16:26:55 |
| CloudLinux 6 ELS | dovecot | 2.0.9 | 4.8 | MEDIUM | Ignored | | 2021-11-02 14:03:16 |
| Oracle Linux 6 ELS | dovecot | 2.0.9 | 4.8 | MEDIUM | Ignored | | 2021-11-02 14:03:16 |
| Ubuntu 16.04 ELS | dovecot | 2.2.22 | 4.8 | MEDIUM | Not Vulnerable | | 2021-11-02 14:03:16 |
| Ubuntu 18.04 ELS | dovecot | 2.2.33.2-1 | 4.8 | MEDIUM | Not Vulnerable | | 2023-07-04 17:06:57 |