CVE Vulnerability

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.

3.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://packetstormsecurity.com/files/145724/communigatepro62-spoof Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:stalker:communigate_pro:6.2:*:*:*:*:*:*:*
Information

Published : 2018-01-08 05:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-3815

Mitre link : CVE-2018-3815

Products Affected
No products.
CWE
CWE-287