Lucene search

[email protected]CVE-2013-7103

HistoryDec 14, 2013 - 5:21 p.m.

CVE-2013-7103

2013-12-1417:21:47

CWE-78

[email protected]

web.nvd.nist.gov

mcafee

email gateway

cve-2013-7103

testfile

xml

command execution

security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the value attribute in a (1) TestFile XML element or the (2) hostname. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.

Affected configurations

NVD

Node

mcafeeemail_gatewayMatch7.6

CPENameOperatorVersion
mcafee:email_gatewaymcafee email gatewayeq7.6

CPE	Name	Operator	Version
mcafee:email_gateway	mcafee email gateway	eq	7.6

References

osvdb.org/100581

packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html

seclists.org/fulldisclosure/2013/Dec/18

www.securityfocus.com/bid/64150

exchange.xforce.ibmcloud.com/vulnerabilities/90162

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2013-7103

nvd3 prion3 cvelist3 nessus1 openvas1 seebug2 cve2