Vulnerability in Cisco Content_security_management_appliance

CVE-2015-4322

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's S…

EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Content_security_management_appliance — versions 8.3.6-039, 9.1.0-31, 9.1.0-103
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

76365 (vdb-entry, x_refsource_BID)
20150814 Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1033322 (vdb-entry, x_refsource_SECTRACK)