vulnerability
Red Hat: CVE-2021-38373: kmail: STARTTLS is ignored when "Server requires authentication" not checked in UI
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | Aug 10, 2021 | Jul 9, 2025 | Jul 9, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published
Aug 10, 2021
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Solution
no-fix-redhat-rpm-package
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.