Improper Privilege Restriction in Cisco Content Security Management Appliance (SMA) Allows Unauthorized Access to Spam Quarantine Folder

CVE-2015-4322 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
