QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-0140

Back to search

CVE-2018-0140

Published: Feb 8, 2018

Modified: Dec 2, 2024

PUBLISHED

Description

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

VendorProductVersions

n/a

Cisco Email Security Appliance and Cisco Content Security Management Appliance

affected
Cisco Email Security Appliance and Cisco Content Security Management Appliance

Weaknesses (CWE)

CWE-200

References

1040339
vdb-entry
x_refsource_SECTRACK
103090
vdb-entry
x_refsource_BID
1040338
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now