Lucene search

[email protected]CVE-2012-4586

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4586

2022-10-0316:15:33

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-4586

mcafee

email and web security

ews

email gateway

meg

privilege escalation

file access

remote authenticated users

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.

Affected configurations

NVD

Node

mcafeeemail_and_web_securityMatch5.0

mcafeeemail_and_web_securityMatch5.5

mcafeeemail_and_web_securityMatch5.6

mcafeeemail_gatewayMatch7.0

CPENameOperatorVersion
mcafee:email_and_web_securitymcafee email and web securityeq5.0
mcafee:email_and_web_securitymcafee email and web securityeq5.5
mcafee:email_and_web_securitymcafee email and web securityeq5.6
mcafee:email_gatewaymcafee email gatewayeq7.0

CPE	Name	Operator	Version
mcafee:email_and_web_security	mcafee email and web security	eq	5.0
mcafee:email_and_web_security	mcafee email and web security	eq	5.5
mcafee:email_and_web_security	mcafee email and web security	eq	5.6
mcafee:email_gateway	mcafee email gateway	eq	7.0

References

kc.mcafee.com/corporate/index?page=content&id=SB10020

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2012-4586

prion1 cvelist1 nvd1