ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability. EMC Identifier: ESA-2012-003 CVE Identifier: CVE-2011-4142 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected products: EMC SourceOne Emai...

CVE-2011-4142

The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files...

CVE-2011-4142

The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files...

CVE-2011-4142

The CVE-2011-4142 issue affects EMC SourceOne Email Management’s Web Search feature (versions 6.5 prior to 6.5.2.4033; 6.6 prior to 6.6.1.2194; 6.7 prior to 6.7.2.2033). According to connected sources, the vulnerability causes cleartext credentials to be written to OS log files, enabling local us...

CVE-2011-1424

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET...

Default configuration

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET...

CVE-2011-1424

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET...

CVE-2011-1424

EMC SourceOne Email Management (before 6.6 SP1) with Mobile Services enabled contains a trace/configuration flaw in ExShortcut/Web.config: the trace element localOnly flag is not set to true. This enables the ASP.NET Application Tracing file to potentially disclose application-sensitive informati...

EMC SourceOne产品ASP.NET应用跟踪信息泄露漏洞

Bugtraq ID: 47862 CVE ID：CVE-2011-1424 EMC SourceOne Email Management是一款电子邮件管理和监控软件。 启用了ASP.NET应用跟踪的EMC SourceOne Email Management存在安全漏洞，此跟踪文件包含应用程序的敏感信息，远程验证用户可调用ASP.NET应用跟踪从此文件中获得敏感信息。 EMC SourceOne Email Management for Notes/Domino 6.6.0.1209 HF1 EMC SourceOne Email Management for Notes/Domino...

ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability. EMC Identifier: ESA-2011-016 CVE Identifier: CVE-2011-1424 Severity Rating: CVSS v2 Base Score: 6.8 AV:N/AC:L/Au:S/C:C/I:N/A:N Affected products: EMC SW: EMC...