CVE-2018-3815
published 2018-01-08CVE-2018-3815: The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol…
PriorityP428medium5.7CVSS 3.0
AVNACLPRLUIRSUCNIHAN
EPSS
0.89%
54.9th percentile
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stalker | communigate_pro | — | — |
CVSS provenance
nvdv3.05.7MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hxgx-wfcx-qv3g: The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6
ghsa_unreviewed·2022-05-13
CVE-2018-3815 [MEDIUM] CWE-287 GHSA-hxgx-wfcx-qv3g: The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.
Red Hat
systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
vendor_redhat·2019-01-14·CVSS 7.8
CVE-2019-3815 [HIGH] CWE-401 systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash.
Stat
No detection rules found.
No public exploits indexed.
2018-01-08
Published