FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

keycloak -- Missing server identity checks when sending mails via SMTPS

Affected packages
keycloak < 26.0.4

Details

VuXML ID fd538d14-5778-4764-b321-2ddd61a8a58f
Discovery 2024-10-01
Entry 2024-10-31

Red Hat reports:

A vulnerability was found in Apache Sling Commons Messaging Mail (angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email communication.

References

CVE Name CVE-2021-44549
URL https://www.cve.org/CVERecord?id=CVE-2021-44549