CVE-2018-3815
MEDIUM
CommuniGate Pro 6.2 - Authenticated Email Spoofing via XIMSS Protocol Validation Bypass
Title source: llm
Description
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 is missing XIMSS protocol validation, which leads to email spoofing: a malicious authenticated attacker can send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements.
References (1)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/145724/communigatepro62-spoof
Scores
CVSS v3
5.7
EPSS
0.0089
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
stalker/communigate_pro
6.2
Published
Jan 08, 2018
Tracked Since
Feb 18, 2026