Vulnerabilities > CVE-2018-7702 - Missing Authorization vulnerability in Securenvoy Securmail

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

securenvoy

CWE-862

critical

exploit available

NVD

Published: 2018-03-15

Updated: 2019-10-03

Summary

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.

Vulnerable Configurations

Part	Description	Count
Application	Securenvoy Securenvoy Securmail -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Exploit-Db

description	SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities. CVE-2018-7701,CVE-2018-7702,CVE-2018-7703,CVE-2018-7704,CVE-2018-7705,CVE-2018-7706,CVE-2018-7707. W...
file	exploits/aspx/webapps/44285.txt
id	EDB-ID:44285
last seen	2018-05-24
modified	2018-03-13
platform	aspx
port
published	2018-03-13
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44285/
title	SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/146732/SA-20180312-0.txt
id	PACKETSTORM:146732
last seen	2018-03-23
published	2018-03-12
reporter	Wolfgang Ettlinger
source	https://packetstormsecurity.com/files/146732/SecurEnvoy-SecurMail-9.1.501-XSS-CSRF-Traversal.html
title	SecurEnvoy SecurMail 9.1.501 XSS / CSRF / Traversal

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References