CVE-2018-0140 in Email Security Applianceinfo

Zusammenfassung

von MITRE

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

27.11.2017

Veröffentlichung

08.02.2018

Moderieren

akzeptiert

Eintrag

VDB-112993

CPE

bereit

CWE

CWE-200 (bestätigt)

CVSS

6.5 (NVD)

EPSS

0.00463

KEV

nein

Aktivitäten

very low

Sektor

Education, Chemical, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-0140
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0140
CVE Details	https://www.cvedetails.com/cve/CVE-2018-0140/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!