CVE-2021-32234: 
SmarterTools SmarterMail vulnerability analysis and mitigation

SmarterTools SmarterMail versions 16.x through 100.x before 100.0.7803 contains a critical remote code execution vulnerability identified as CVE-2021-32234. The vulnerability was discovered in April 2021 and was patched in May 2021 with the release of version 100.0.7803 (DIVD Case).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that it is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability allows remote code execution on affected SmarterMail servers, potentially giving attackers complete control over the mail server. This could lead to unauthorized access to email communications, data theft, and system compromise (DIVD Case).

Organizations running affected versions of SmarterMail should immediately upgrade to version 100.0.7803 or later. To verify the installed version, administrators can check the version number by accessing /about/checkup within the SmarterMail portal (DIVD Case, SmarterMail Release).