Publish date
15 August 2019
Identifier
CVE-2018-15513
Manufacturer
Totemo AG
Product
Totemomail 6.0.0
Patched
Fixed in totemomail 6.0 to build 578
Authors
Michael Skiba, Andre Waldhoff, Carsten Sandker
Description
Log viewer in totemomail 6.0.0 build 570 allows access to session IDs of high privileged users by leveraging access to a read-only auditor role.