CVE-2018-0140
Description
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.
Risk Information
Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.463
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability For Cisco IronPort Security Management Appliance Software | NCM |
| Cisco Email Security Appliance and Cisco Content Security Management Appliance Spam Quarantine Vulnerability For Cisco IronPort Email Security Appliance Software | NCM |
| Direct Request (Forced Browsing) Vulnerability (CVE-2018-0140) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1706033 | Security Update for Cisco IronPort Security Management Appliance Software 11.0.1-152 |
| PATCH-1706003 | Security Update for Cisco IronPort Email Security Appliance Software 9.7.2-131 |