Lucene search

[email protected]CVE-2015-6846

HistoryOct 18, 2015 - 2:59 p.m.

CVE-2015-6846

2015-10-1814:59:03

CWE-255

[email protected]

web.nvd.nist.gov

emc sourceone

email supervisor

hardcoded encryption keys

unauthorized access

vulnerability

cve-2015-6846

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program’s code conducts cryptographic operations.

Affected configurations

NVD

Node

emcsourceone_email_supervisorRange≤7.1

CPENameOperatorVersion
emc:sourceone_email_supervisoremc sourceone email supervisorle7.1

CPE	Name	Operator	Version
emc:sourceone_email_supervisor	emc sourceone email supervisor	le	7.1

References

packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html

seclists.org/bugtraq/2015/Oct/58

www.securitytracker.com/id/1033787

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2015-6846

prion1 cvelist1 nvd1