CVE-2018-7702 - SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mai

CVE-2018-7702

Summary

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.

References

Vulnerable Configurations

cpe:2.3:a:securenvoy:securmail:-:*:*:*:*:*:*:*
cpe:2.3:a:securenvoy:securmail:-:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

CWE-862

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:N

refmap via4

exploit-db	44285
fulldisc	20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail
misc	https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html

Last major update

03-10-2019 - 00:03

Published

15-03-2018 - 01:29

Last modified

03-10-2019 - 00:03