CVE-2019-6242

📊 7.2 HIGH⚡ 0.5%🎯 0 exploits

📅 Published Feb 8, 2019

📋 Status: Modified

Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to fix it at a future time

CVSS v3.0 • NVD

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	kentico	kentico	10.0.42	Vulnerable	cpe:2.3:a:kentico:kentico:10.0.42:::::::*

📱

kentico / kentico

Application

Vulnerable

Version: 10.0.42

CPE:

cpe:2.3:a:kentico:kentico:10.0.42:*:*:*:*:*:*:*

Metrics

7.2 HIGHCVSS v3.0[email protected]

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

HIGH

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Modified

CVSS Details

7.2 (HIGH)v3.0

Source: [email protected]

EPSS Details

0.5% (Minimal)63.3th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Feb 8, 2019 (6 years ago)

Last Modified

Nov 21, 2024 (11 months ago)

Security Weaknesses1

CWE-522

References1

NVD