vulnerability

FreeBSD: VID-fd538d14-5778-4764-b321-2ddd61a8a58f (CVE-2021-44549): keycloak -- Missing server identity checks when sending mails via SMTPS

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Oct 31, 2024	Nov 1, 2024	Dec 10, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Oct 31, 2024

Added

Nov 1, 2024

Modified

Dec 10, 2025

Description

Red Hat reports: A vulnerability was found in Apache Sling Commons Messaging Mail(angus-mail), which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email communication.

Solution

freebsd-upgrade-package-keycloak

References

CVE-2021-44549
https://attackerkb.com/topics/CVE-2021-44549
CWE-295

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today