Lucene search

[email protected]CVE-2012-4583

HistoryAug 22, 2012 - 10:42 a.m.

CVE-2012-4583

2012-08-2210:42:00

CWE-200

[email protected]

web.nvd.nist.gov

mcafee

ews

meg

cve-2012-4583

security vulnerability

token theft

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

CPENameOperatorVersion
mcafee:email_and_web_securitymcafee email and web securityeq5.6
mcafee:email_and_web_securitymcafee email and web securityeq5.0
mcafee:email_and_web_securitymcafee email and web securityeq5.5
mcafee:email_gatewaymcafee email gatewayeq7.0

CPE	Name	Operator	Version
mcafee:email_and_web_security	mcafee email and web security	eq	5.6
mcafee:email_and_web_security	mcafee email and web security	eq	5.0
mcafee:email_and_web_security	mcafee email and web security	eq	5.5
mcafee:email_gateway	mcafee email gateway	eq	7.0

References

archives.neohapsis.com/archives/bugtraq/2012-03/0161.html

kc.mcafee.com/corporate/index?page=content&id=SB10020

7.2 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for CVE-2012-4583

prion1 cvelist1