SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Link | Tags |
---|---|
http://seclists.org/fulldisclosure/2018/Mar/29 | third party advisory mailing list |
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html | third party advisory |
https://www.exploit-db.com/exploits/44285/ | third party advisory vdb entry exploit |