A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
| Link | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sma-info-dis | vendor advisory |