Vulnerability Details CVE-2019-16949
An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References