The vulnerability of Kaspersky Secure Mail Gateway’s email protection mechanism, which stems from the absence of a CSRF token in web forms, allows for the hijacking of the administrator’s session.

🗓️ 09 Feb 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Lack of cross site forgery token in forms enables administrator session hijack on Kaspersky gateway.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the web console of the Kaspersky Secure Mail Gateway protection tool allows for XSS attacks to be carried out.	9 Feb 201800:00	–	bdu_fstec
BDU FSTEC	The vulnerability in the web console of the Kaspersky Secure Mail Gateway security tool, which allows access to the root user rights.	9 Feb 201800:00	–	bdu_fstec
BDU FSTEC	The vulnerability of Kaspersky Secure Mail Gateway’s email protection mechanism, related to insecure privilege management, allows unauthorized access to root rights.	9 Feb 201800:00	–	bdu_fstec
CNVD	Kaspersky Secure Mail Gateway Cross-Site Request Forgery Vulnerability	7 Feb 201800:00	–	cnvd
Core Security	Kaspersky Secure Mail Gateway Multiple Vulnerabilities	1 Feb 201800:00	–	coresecurity
CVE	CVE-2018-6288	6 Feb 201815:00	–	cve
Cvelist	CVE-2018-6288	6 Feb 201815:00	–	cvelist
EUVD	EUVD-2018-18049	7 Oct 202500:30	–	euvd
NVD	CVE-2018-6288	6 Feb 201815:29	–	nvd
Prion	Cross site request forgery (csrf)	6 Feb 201815:29	–	prion

Source	Link
support	www.support.kaspersky.ru/vulnerability.aspx
coresecurity	www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 36.3

CVSS 27.1

EPSS0.00163

cross site forgery administrator session hijack Kaspersky gateway