exploitDog

CVE-2020-7918

Опубликовано: 27 мар. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

Ссылки

https://objectif-securite.ch/2020/03/20/IDOR-totemo-mail-folder.html
Third Party Advisory
https://www.totemo.com/en/solutions/email-encryption
Product
Vendor Advisory
https://objectif-securite.ch/2020/03/20/IDOR-totemo-mail-folder.html
Third Party Advisory
https://www.totemo.com/en/solutions/email-encryption
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:totemo:totemomail:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.0019

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-2hh7-f3x9-8mgq

github

больше 3 лет назад

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

EPSS

Процентиль: 41%

0.0019

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-639