ID CVE-2018-7702
Summary SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
References
Vulnerable Configurations
  • cpe:2.3:a:securenvoy:securmail:-:*:*:*:*:*:*:*
    cpe:2.3:a:securenvoy:securmail:-:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
exploit-db 44285
fulldisc 20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail
misc https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html
vulnerable_product via4 cpe:2.3:a:securenvoy:securmail:-:*:*:*:*:*:*:*
Last major update 03-10-2019 - 00:03
Published 15-03-2018 - 01:29
Back to Top