Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4582

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2012-4582
Last Modified 19 Nov 2012 11:49:32
Published 22 Aug 2012 06:42:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-4582

Summary

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.

Vulnerable Systems

Application

  • Mcafee Email And Web Security 5.0

  • Mcafee Email And Web Security 5.5

  • Mcafee Email And Web Security 5.6

  • Mcafee Email Gateway 7.0


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10020

BUGTRAQ - 20120329 NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators


Last Updated: 27 May 2016 10:56:40