CVE-2018-7704

Published: Mar 15, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.

Affected (1)

Products: Securenvoy: Securmail

Securenvoy

1 product

Securmail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Securenvoy Securmail	Before 9.2.501

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://seclists.org/fulldisclosure/2018/Mar/29

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://www.exploit-db.com/exploits/44285/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://seclists.org/fulldisclosure/2018/Mar/29

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://www.exploit-db.com/exploits/44285/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.