Lucene search

[email protected]NVD:CVE-2010-2116

HistoryMay 28, 2010 - 8:30 p.m.

CVE-2010-2116

2010-05-2820:30:01

CWE-732

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

Affected configurations

NVD

Node

mcafeeemail_gatewayMatch6.7.1

mcafeesecure_mailMatch6.7.1

References

osvdb.org/64832

secunia.com/advisories/39881

www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf

www.securitytracker.com/id?1024018

www.vupen.com/english/advisories/2010/1239

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

Related for NVD:CVE-2010-2116

cve1 prion1 cvelist1