CVE-2019-12635 is a vulnerability in Cisco Content Security Management Appliance
Published on September 5, 2019
Cisco Content Security Management Appliance Information Disclosure Vulnerability
A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2019-12635 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2019-12635
Want to know whenever a new CVE is published for Cisco Content Security Management Appliance? stack.watch will email you.
Affected Versions
Cisco Content Security Management Appliance (SMA):- Version unspecified and below 12.5.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.