PT-2018-16210 · Stalker · Communigate Pro

Published: 2018-01-08 · Updated: 2019-10-03 · CVE-2018-3815
CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: CommuniGate Pro versions 6.2
Description: The XIMSS protocol implementation does not validate submitted messages (Missing XIMSS Protocol Validation), which enables an email spoofing attack. A malicious authenticated attacker can send a message from any source email address by issuing an HTTP POST request to the "/Session" URI with the XML From and To elements interchanged.
Recommendations: For CommuniGate Pro version 6.2, consider restricting access to the XIMSS protocol implementation until a patch is available, and avoid using the /Session URI for sensitive operations. As a temporary workaround, validate the XML From and To elements so they cannot be interchanged, minimizing the risk of email spoofing attacks.
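One way to implement the From-address check the recommendation describes, as an added Python example that is not CommuniGate's code: the server compares the From element of a submitted message against the identity of the authenticated XIMSS session and rejects anything else, so swapping From and To no longer yields a message from another address. The sendMail/EMail/From/To element layout and the sample requests are assumed for illustration, not taken from the CommuniGate documentation.

```python
import xml.etree.ElementTree as ET
from email.utils import parseaddr


class SpoofedSenderError(ValueError):
    """Raised when a message claims a From address the session does not own."""


def validate_sender(xml_body: str, session_address: str) -> str:
    """Return the normalized From address if it belongs to the authenticated session.

    Raises SpoofedSenderError when the From element is missing, duplicated,
    unparsable, or names an address other than the session user's.
    """
    root = ET.fromstring(xml_body)
    from_nodes = root.findall(".//From")
    if len(from_nodes) != 1:
        raise SpoofedSenderError("expected exactly one From element, got %d" % len(from_nodes))
    # Accept both "Alice <alice@example.com>" and a bare "alice@example.com".
    _, from_addr = parseaddr((from_nodes[0].text or "").strip())
    if not from_addr:
        raise SpoofedSenderError("From element contains no parsable address")
    if from_addr.lower() != session_address.strip().lower():
        raise SpoofedSenderError(
            "From %r does not match session user %r" % (from_addr, session_address))
    return from_addr.lower()


def is_sender_allowed(xml_body: str, session_address: str) -> bool:
    """Accept/reject wrapper; malformed XML is rejected rather than raised."""
    try:
        validate_sender(xml_body, session_address)
        return True
    except (SpoofedSenderError, ET.ParseError):
        return False


# Constructed sample requests (assumed element layout, not CommuniGate's schema).
LEGIT_REQUEST = """<sendMail id="1"><EMail>
  <From>Alice &lt;alice@example.com&gt;</From>
  <To>bob@example.com</To>
  <Subject>Hello</Subject>
</EMail></sendMail>"""

# Same authenticated user (alice), but From and To interchanged: without the
# check above the message would be delivered as if sent by bob.
SPOOFED_REQUEST = """<sendMail id="2"><EMail>
  <From>bob@example.com</From>
  <To>alice@example.com</To>
  <Subject>Hello</Subject>
</EMail></sendMail>"""
```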

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2018-3815

Affected Products: Communigate Pro