Main Vulnerability Database Exploits ID:6251 - Exploit for Cross-site request forgery in SecurEnvoy SecurMail - CVE-2018-7701

ID:6251 - Exploit for Cross-site request forgery in SecurEnvoy SecurMail - CVE-2018-7701

Published: June 17, 2021

Vulnerability identifier: #VU11486

Vulnerability risk: Low

CVE-ID: CVE-2018-7701

CWE-ID: CWE-352

Exploitation vector: Remote access

Vulnerable software:
SecurEnvoy SecurMail

Link to public exploit:

https://www.exploit-db.com/exploits/44285/

Vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists improper authentication. A remote attacker can hijack the authentication of arbitrary users for requests that delete e-mail messages via a delete action in a request to secmail/getmessage.exe or spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe and gain access to potentially sensitive information.

Remediation

Update to version 9.2.501.

ID:6251 - Exploit for Cross-site request forgery in SecurEnvoy SecurMail - CVE-2018-7701

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human