CVE-2020-36519 — MEDIUM (4.9)

Q: How severe is CVE-2020-36519?

CVE-2020-36519 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-36519?

Check the references section above for vendor advisories and patch information. Affected products include: Mimecast Email Security.

Vulnerability Description

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Mimecast	Email Security	< 2020-01-10

References

https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verExploitThird Party Advisory
https://wesleyk.me/2020/01/10/my-first-vulnerability-mimecast-sender-address-verExploitThird Party Advisory

FAQ

What is CVE-2020-36519?

CVE-2020-36519 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed m...

How severe is CVE-2020-36519?

CVE-2020-36519 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-36519?

Check the references section above for vendor advisories and patch information. Affected products include: Mimecast Email Security.