Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-0140

Опубликовано: 08 фев. 2018
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:email_security_appliance_firmware:9.8.0-112:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.1-087:*:*:*:*:*:*:*
cpe:2.3:o:cisco:email_security_appliance_firmware:11.0.0-274:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:email_security_appliance_c160:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c370:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c370d:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c670:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_c690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:email_security_appliance_x1070:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:cisco:content_security_management_appliance:10.0.0-096:*:*:*:*:*:*:*
cpe:2.3:o:cisco:content_security_management_appliance:10.1.0-037:*:*:*:*:*:*:*
cpe:2.3:o:cisco:content_security_management_appliance:10.1.0-052:*:*:*:*:*:*:*
cpe:2.3:o:cisco:content_security_management_appliance:11.0.0-115:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:content_security_management_appliance_sma_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:content_security_management_appliance_sma_m690x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%
0.00463
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200
CWE-425

Связанные уязвимости

github логотип

GHSA-w5x3-hp8j-7gh2

CVSS3: 6.5
github
больше 3 лет назад

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

EPSS

Процентиль: 64%
0.00463
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200
CWE-425