Authorization

2019-09-0502:15:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.

CPENameOperatorVersion
content_security_management_appliancelt12.5.0

CPE	Name	Operator	Version
	content_security_management_appliance	lt	12.5.0

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sma-info-dis