Improper Privilege Restriction in Cisco Content Security Management Appliance (SMA) Allows Unauthorized Access to Spam Quarantine Folder
CVE-2015-4322 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:N
Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
Learn more about our User Device Pen Test.