PT-2019-9119 · Totemo · Totemomail
Published: 2019-08-29 · Updated: 2019-09-03 · CVE-2018-15513
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
totemomail version 6.0.0 build 570
Description
The log viewer in totemomail allows access to the session IDs of high-privileged users by leveraging access to a read-only auditor role.
Recommendations
For totemomail version 6.0.0 build 570, restrict access to the log viewer to minimize the risk of exploitation.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Totemomail