Lucene search

[email protected]CVE-2012-6452

HistoryMay 27, 2014 - 2:55 p.m.

CVE-2012-6452

2014-05-2714:55:00

CWE-287

[email protected]

web.nvd.nist.gov

axway secure messenger

user enumeration

authentication

security vulnerability

nvd

cve-2012-6452

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.

CPENameOperatorVersion
axway:email_firewallaxway email firewalleq-
axway:secure_messengeraxway secure messengereq6.3.2
axway:secure_messengeraxway secure messengerle6.5.0

CPE	Name	Operator	Version
axway:email_firewall	axway email firewall	eq	-
axway:secure_messenger	axway secure messenger	eq	6.3.2
axway:secure_messenger	axway secure messenger	le	6.5.0

References

archives.neohapsis.com/archives/bugtraq/2013-01/0076.html

www.securityfocus.com/bid/57457

exchange.xforce.ibmcloud.com/vulnerabilities/81388

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2012-6452

securityvulns2 prion1