exploitDog

CVE-2020-36519

Опубликовано: 16 мар. 2022

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

Ссылки

https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification/
Exploit
Third Party Advisory
https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mimecast:email_security:*:*:*:*:*:*:*:*

Версия до 2020-01-10 (исключая)

EPSS

Процентиль: 46%

0.00232

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2x44-42qx-w2fx

CVSS3: 4.9

github

почти 4 года назад

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

EPSS

Процентиль: 46%

0.00232

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo