CVE-2018-15513

Privilege Escalation

Publish date

15 August 2019

Identifier

CVE-2018-15513

Manufacturer

Totemo AG

Product

Totemomail 6.0.0

Patched

Fixed in totemomail 6.0 to build 578

Authors

Michael Skiba, Andre Waldhoff, Carsten Sandker

Description

The log viewer in totemomail 6.0.0 build 570 allows a user with the read-only auditor role to access the session IDs of highly privileged users.

 
