PT-2018-8640 · Cisco · Cisco Email Security Appliance+1

Published: 2018-02-08 · Updated: 2023-02-21 · CVE-2018-0140

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Cisco Email Security Appliance (affected versions not specified)
Cisco Content Security Management Appliance (affected versions not specified)
Description: An issue in the spam quarantine could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. This is due to a lack of verification of authenticated user accounts. An attacker could exploit this by modifying browser strings to see messages submitted by other users to the spam quarantine within their company.
Recommendations: For Cisco Email Security Appliance, update to a version that includes the fix for the issue. For Cisco Content Security Management Appliance, update to a version that includes the fix for the issue. As a temporary workaround, consider restricting access to the spam quarantine feature until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-0140

Affected Products

Cisco Content Security Management Appliance
Cisco Email Security Appliance