CVE-2015-4322

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.

Published: Aug 19, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4322
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
cisco / content_security_management_appliance	8.3.6-039	8.3.6-039.x
cisco / content_security_management_appliance	9.1.0-31	9.1.0-31.x
cisco / content_security_management_appliance	9.1.0-103	9.1.0-103.x

http://tools.cisco.com/security/center/viewAlert.x?alertId=40450
http://www.securityfocus.com/bid/76365
http://www.securitytracker.com/id/1033322

Vulnerability Database

289,697

CVE-2015-4322