Vulnerability Details CVE-2019-12635
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 3.5
Products affected by CVE-2019-12635
- cpe:2.3:a:cisco:content_security_management_appliance:-
- cpe:2.3:a:cisco:content_security_management_appliance:10.0.0-203
- cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-037
- cpe:2.3:a:cisco:content_security_management_appliance:10.1.0-049
- cpe:2.3:a:cisco:content_security_management_appliance:11.4.0-812
- cpe:2.3:a:cisco:content_security_management_appliance:12.0
- cpe:2.3:a:cisco:content_security_management_appliance:12.0.1
- cpe:2.3:a:cisco:content_security_management_appliance:8.3.6-039
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103
- cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-31
- cpe:2.3:a:cisco:content_security_management_appliance:9.5.0
- cpe:2.3:a:cisco:content_security_management_appliance:9.6.0
- cpe:2.3:a:cisco:content_security_management_appliance:9.6.6-068
- cpe:2.3:a:cisco:content_security_management_appliance:9.7.0-006