Email Security Vulnerability in Mimecast Product
CVE-2020-36519

4.9MEDIUM

Key Information:

Vendor: Mimecast
Status: Email Security
Vendor: CVE Published:; 16 March 2022

What is CVE-2020-36519?

The Mimecast Email Security product allows administrators to spoof any domain, which can potentially undermine email integrity. This vulnerability arises due to the improper use of the address rewrite feature, permitting an attacker to manipulate the sender's address and bypass DMARC alignment. For successful exploitation, the spoofed domain must belong to a customer within the Mimecast grid from which the spoofing occurs, leading to possible phishing attacks and disruption of communication for affected clients.

References

https://wesleyk.me/2020/01/10/my-first-vulnerability-mime...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2022
Vulnerability Reserved
Mar 15, 2022

CVE-2020-36519 Data

JSON