2 matches found
CVE-2015-4322
Cisco SMA exposes a privilege-escalation flaw in LDAP auth handling. Affected: SMA 8.3.6-039, 9.1.0-31, 9.1.0-103. An authenticated remote attacker can read/write another user’s Spam Quarantine via the spam-notification URL due to improper authentication privileges. Advisory Cisco-SA-20150814-CVE...
CVE-2015-4322
Cisco Content Security Management Appliance SMA 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, a...