cisco-sa-20190904-sma-info-dis: Cisco Content Security Management Appliance and Cisco Email Security Appliance Information Disclosure Vulnerability
First published: Wed Sep 04 2019(Updated: )
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sma-info-dis
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Content Security Management Virtual Appliance | ||
| Cisco Email Security Appliance Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-20190904-sma-info-dis?
The cisco-sa-20190904-sma-info-dis vulnerability is considered high severity due to its potential for unauthorized access.
How do I fix cisco-sa-20190904-sma-info-dis?
To fix the cisco-sa-20190904-sma-info-dis vulnerability, ensure that you apply the recommended software updates provided by Cisco.
Who is affected by cisco-sa-20190904-sma-info-dis?
The cisco-sa-20190904-sma-info-dis vulnerability affects users of Cisco Content Security Management Appliance and Cisco Email Security Appliance.
Can cisco-sa-20190904-sma-info-dis be exploited remotely?
Yes, cisco-sa-20190904-sma-info-dis can be exploited by an authenticated remote attacker.
What impact does cisco-sa-20190904-sma-info-dis have on email security?
The cisco-sa-20190904-sma-info-dis vulnerability allows unauthorized access to email, compromising email security.
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- collector/cisco-advisory
- source/Cisco
- agent/title
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco content security management virtual appliance
- canonical/cisco email security appliance firmware