CVE-2018-15448 (CNNVD-201811-185)
中文标题:
Cisco Registered Envelope Service 信息泄露漏洞
英文标题:
Cisco Registered Envelope Service Information Disclosure Vulnerability
漏洞描述
中文描述:
Cisco Registered Envelope Service是美国思科(Cisco)公司的一套邮件服务解决方案。该产品包括邮件的读取回执、邮件回收、邮件转发和回复功能,并提供智能手机支持。 Cisco Registered Envelope Service的用户管理功能中存在信息泄露漏洞。远程攻击者可利用该漏洞获取敏感的用户信息。
英文描述:
A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Registered Envelope Service | n/a | - | - |
cpe:2.3:a:cisco:cisco_registered_envelope_service:n_a:*:*:*:*:*:*:*
|
| cisco | registered_envelope_service | - | - | - |
cpe:2.3:a:cisco:registered_envelope_service:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-15448 |
2025-11-11 15:19:42 | 2025-11-11 07:35:07 |
| NVD | nvd_CVE-2018-15448 |
2025-11-11 14:56:00 | 2025-11-11 07:43:41 |
| CNNVD | cnnvd_CNNVD-201811-185 |
2025-11-11 15:10:07 | 2025-11-11 07:54:07 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-201811-185
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 2
- data_sources: ['cve'] -> ['cve', 'nvd']