cbcvebase.
CVE-2018-3815
published 2018-01-08

CVE-2018-3815: The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol…

PriorityP428medium5.7CVSS 3.0
AVNACLPRLUIRSUCNIHAN
EPSS
0.89%
54.9th percentile
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.

Affected

1 ranges
VendorProductVersion rangeFixed in
stalkercommunigate_pro

CVSS provenance

nvdv3.05.7MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.