CVE-2021-20501

Description

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. An attacker could exploit this vulnerability to consume unnecessary network bandwidth and disk space, and allow remote attackers to send spam email. IBM X-Force ID: 198056.

Related CPE's

oibmi7.1*******
vulnerable
oibmi7.2*******
vulnerable
oibmi7.3*******
vulnerable
oibmi7.4*******
vulnerable

References

ibm-i-cve202120501-dos (198056)

VDB EntryVendor Advisory

https://www.ibm.com/support/pages/node/6445505

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

LOW

PrivilegesRequired

NONE

BaseScore

8.2

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

6.4

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE