// For flags

CVE-2020-36519

 

Severity Score

4.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

Mimecast Email Security versiones anteriores a 10-01-2020 permite a cualquier administrador falsificar cualquier dominio y pasar la alineaciĆ³n DMARC por medio de SPF. Esto ocurre por el uso inapropiado de la funcionalidad address rewrite. (El dominio que es suplantado debe ser un cliente de la red de Mimecast desde el que es producida la suplantaciĆ³n)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-03-15 CVE Reserved
  • 2022-03-15 CVE Published
  • 2023-10-06 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mimecast
Search vendor "Mimecast"
 Email Security
Search vendor "Mimecast" for product "Email Security"
 < 2020-01-10
Search vendor "Mimecast" for product "Email Security" and version " < 2020-01-10"
-
Affected