CyberSec.Space Logo
Back to CVE Browser

CVE-2018-3815

MEDIUM
5.7
CVSS Severity Score
EPSS Score0.0220%
EPSS Percentile31.87th
PublishedJan 8, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.

Affected Platforms (CPE)

📦
Stalker

Communigate Pro

= 6.2

References & Advisories

🔗 https://packetstormsecurity.com/files/145724/communigatepro62-spoof
🔗 https://packetstormsecurity.com/files/145724/communigatepro62-spoof

Related Vulnerabilities

CVE-2006-04687.5

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitra...

CVE-2017-169626.1

The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the ...

CVE-2018-186216.1

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the...

CVE-2003-14815.8

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote ...