Описание
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
Связанные уязвимости
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
EPSS
6.1 Medium
CVSS3
5.3 Medium
CVSS3