CERT Coordination Center VINCE
cpe:2.3:a:cert:vince:*:*:*:*:*:*:*
- <= 3.0.38
A vulnerability exists in VINCE versions 3.0.38 and earlier, in which the application fails to properly verify the authenticity of the From address. The issue arises from encoding confusion and allows the From address to be misused for automated actions such as ticket creation and updates. The vulnerability is rooted in the application's handling of email addresses, particularly in the context of coordinating vulnerability disclosures.
Exploitation of this vulnerability could lead to unauthorized or erroneous ticket actions, such as creating or updating tickets with incorrect information or on behalf of the wrong individual.