CVE-2015-4322 - Saving Reduction

Description

Cisco Content Security Management Appliance (SMA) 8.3.6-039 9.1.0-31 and 9.1.0-103 improperly restricts the privileges available after LDAP authentication which allows remote authenticated users to read or write to an arbitrary user’s Spam Quarantine folder by visiting a spam-notification URL aka Bug ID CSCuv65894.

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=40450 http://www.securityfocus.com/bid/76365 http://www.securitytracker.com/id/1033322