CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.
References
Link Resource
https://packetstormsecurity.com/files/145724/communigatepro62-spoof Exploit Third Party Advisory VDB Entry
https://packetstormsecurity.com/files/145724/communigatepro62-spoof Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:stalker:communigate_pro:6.2:*:*:*:*:*:*:*

History

21 Nov 2024, 04:06

Type Values Removed Values Added
References () https://packetstormsecurity.com/files/145724/communigatepro62-spoof - Exploit, Third Party Advisory, VDB Entry () https://packetstormsecurity.com/files/145724/communigatepro62-spoof - Exploit, Third Party Advisory, VDB Entry

Information

Published : 2018-01-08 05:29

Updated : 2024-11-21 04:06


NVD link : CVE-2018-3815

Mitre link : CVE-2018-3815

CVE.ORG link : CVE-2018-3815


JSON object : View

Products Affected

stalker

  • communigate_pro
CWE
CWE-287

Improper Authentication