Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totemo | Encryption Gateway | <= 6.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/147648/Totemomail-Encryption-Gateway-6.0.0_ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/542015/100/0/threaded
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/44631/ExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/147648/Totemomail-Encryption-Gateway-6.0.0_ExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/archive/1/542015/100/0/threaded
- https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/44631/ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2018-6563?
CVE-2018-6563 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) ch...
How severe is CVE-2018-6563?
CVE-2018-6563 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6563?
Check the references section above for vendor advisories and patch information. Affected products include: Totemo Encryption Gateway.