Skip to main content

CVE-2020-36519

Severity Medium
Score 4.9/10

Summary

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • HIGH
  • NONE
  • NONE

References

Advisory Timeline

  • Published