Lucene search

[email protected]CVE-2015-6843

HistoryOct 18, 2015 - 2:59 p.m.

CVE-2015-6843

2015-10-1814:59:00

CWE-200

[email protected]

web.nvd.nist.gov

emc sourceone

email supervisor

authentication bypass

cve-2015-6843

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.5%

JSON

Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach.

Affected configurations

NVD

Node

emcsourceone_email_supervisorRange≤7.1

CPENameOperatorVersion
emc:sourceone_email_supervisoremc sourceone email supervisorle7.1

CPE	Name	Operator	Version
emc:sourceone_email_supervisor	emc sourceone email supervisor	le	7.1

References

packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html

seclists.org/bugtraq/2015/Oct/58

www.securitytracker.com/id/1033787

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for CVE-2015-6843

prion1 nvd1 cvelist1