CVE-2020-36519

{"id": "CVE-2020-36519", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2022-03-16T00:15:07.900", "references": [{"url": "https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verification/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)"}, {"lang": "es", "value": "Mimecast Email Security versiones anteriores a 10-01-2020 permite a cualquier administrador falsificar cualquier dominio y pasar la alineaci\u00f3n DMARC por medio de SPF. Esto ocurre por el uso inapropiado de la funcionalidad address rewrite. (El dominio que es suplantado debe ser un cliente de la red de Mimecast desde el que es producida la suplantaci\u00f3n)"}], "lastModified": "2024-11-21T05:29:44.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mimecast:email_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3698DB9-5F90-4C1D-BF66-39BA8F362EEA", "versionEndExcluding": "2020-01-10"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}