Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4583

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-4583
Last Modified 19 Nov 2012 11:49:32
Published 22 Aug 2012 06:42:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4583

Summary

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Vulnerable Systems

Application

  • Mcafee Email And Web Security 5.0

  • Mcafee Email And Web Security 5.5

  • Mcafee Email And Web Security 5.6

  • Mcafee Email Gateway 7.0


References

CONFIRM - https://kc.mcafee.com/corporate/index?page=content&id=SB10020

BUGTRAQ - 20120329 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI


Last Updated: 27 May 2016 11:00:17