Vulnerabilities > CVE-2020-36519 - Unspecified vulnerability in Mimecast Email Security

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

mimecast

NVD

Published: 2022-03-16

Updated: 2022-03-22

Summary

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

Vulnerable Configurations

Part	Description	Count
Application	Mimecast Mimecast Email Security -	1

References

https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification/