Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary users Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Content_security_management_appliance | Cisco | 8.3.6-039 (including) | 8.3.6-039 (including) |
| Content_security_management_appliance | Cisco | 9.1.0-31 (including) | 9.1.0-31 (including) |
| Content_security_management_appliance | Cisco | 9.1.0-103 (including) | 9.1.0-103 (including) |