Lucene search

[email protected]CVE-2012-4584

HistoryAug 22, 2012 - 10:42 a.m.

CVE-2012-4584

2012-08-2210:42:04

CWE-310

[email protected]

web.nvd.nist.gov

cve-2012-4584

mcafee

email gateway

email and web security

ews

meg

encryption

information security

vulnerability

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.0%

JSON

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.

Affected configurations

NVD

Node

mcafeeemail_and_web_securityMatch5.0

mcafeeemail_and_web_securityMatch5.5

mcafeeemail_and_web_securityMatch5.6

mcafeeemail_gatewayMatch7.0

CPENameOperatorVersion
mcafee:email_and_web_securitymcafee email and web securityeq5.0
mcafee:email_and_web_securitymcafee email and web securityeq5.5
mcafee:email_and_web_securitymcafee email and web securityeq5.6
mcafee:email_gatewaymcafee email gatewayeq7.0

CPE	Name	Operator	Version
mcafee:email_and_web_security	mcafee email and web security	eq	5.0
mcafee:email_and_web_security	mcafee email and web security	eq	5.5
mcafee:email_and_web_security	mcafee email and web security	eq	5.6
mcafee:email_gateway	mcafee email gateway	eq	7.0

References

archives.neohapsis.com/archives/bugtraq/2012-03/0162.html

kc.mcafee.com/corporate/index?page=content&id=SB10020

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

38.0%

JSON

Related for CVE-2012-4584

prion1 nvd1 cvelist1