Medium severity6.5NVD Advisory· Published Feb 8, 2018· Updated Jun 17, 2026

CVE-2018-0140

Description

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./Email Security Appliance Firmwarellm-fuzzy
Cisco Systems, Inc./Content Security Management Appliancellm-fuzzy

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/103090nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040338nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040339nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-esacsmnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000