CVE-2018-0140

https://notcve.org/view.php?id=CVE-2018-0140

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. Una vulnerabilidad en la cuarentena de spam de Cisco Email Security Appliance y Cisco Content Security Management Appliance podría permitir que un atacante remoto autenticado descargue cualquier mensaje de la cuarentena de spam modificando la información de las cadenas del navegador. • http://www.securityfocus.com/bid/103090 http://www.securitytracker.com/id/1040338 http://www.securitytracker.com/id/1040339 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-esacsm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •