CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
38.1%
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.
Vendor | Product | Version | CPE |
---|---|---|---|
mcafee | email_and_web_security | 5.0 | cpe:2.3:a:mcafee:email_and_web_security:5.0:*:*:*:*:*:*:* |
mcafee | email_and_web_security | 5.5 | cpe:2.3:a:mcafee:email_and_web_security:5.5:*:*:*:*:*:*:* |
mcafee | email_and_web_security | 5.6 | cpe:2.3:a:mcafee:email_and_web_security:5.6:*:*:*:*:*:*:* |
mcafee | email_gateway | 7.0 | cpe:2.3:a:mcafee:email_gateway:7.0:*:*:*:*:*:*:* |