Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4583


Vulnerability Score 4.0 4.0
CVE Id CVE-2012-4583
Last Modified 19 Nov 2012 11:49:32
Published 22 Aug 2012 06:42:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Vulnerable Systems


  • Mcafee Email And Web Security 5.0

  • Mcafee Email And Web Security 5.5

  • Mcafee Email And Web Security 5.6

  • Mcafee Email Gateway 7.0



BUGTRAQ - 20120329 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI

Last Updated: 27 May 2016 11:00:17