CVE-2020-36519
Summary
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- HIGH
- NONE
- NONE
References
Advisory Timeline
- Published