Lucene search
+L
McafeeEmail And Web Security

10 matches found

CVE
CVE
added 2012/08/22 10:0 a.m.56 views

CVE-2012-4585

CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...

4CVSS6.4AI score0.00937EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.53 views

CVE-2012-4580

The CVE-2012-4580 issue affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. It is a cross-site scripting (XSS) vulnerability that allows a remote attacker to inject arbitrary web script or HTML via vectors r...

4.3CVSS5.8AI score0.01384EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.52 views

CVE-2012-4583

McAfee Email and Web Security (EWS) 5.x up to 5.5 Patch 6 and 5.6 up to Patch 3, and McAfee Email Gateway (MEG) 7.0 up to Patch 1 are affected. The issue lets remote authenticated users obtain other users’ session tokens by navigating within the Dashboard, due to a session-token exposure in the U...

4CVSS6.6AI score0.00937EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.51 views

CVE-2012-4581

The vulnerability CVE-2012-4581 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The root cause is that the server-side session token is not invalidated when the Management Console/Dashboard is closed, en...

6.8CVSS6.9AI score0.01209EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.49 views

CVE-2012-4584

McAfee products affected: Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3; McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: backups are not properly encrypted, enabling remote authenticated users to read a backup file and obtain sensitive data such as password ...

3.5CVSS6.1AI score0.00852EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.48 views

CVE-2012-4586

CVE-2012-4586 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6, and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: remote authenticated users can cause a file request to be processed with root privileges, bypassing intended permission checks. T...

3.5CVSS6.5AI score0.00915EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.47 views

CVE-2012-4582

McAfee EWS 5.x (before 5.5 Patch 6) and 5.6 (before Patch 3), and McAfee MEG 7.0 (before Patch 1) are affected by CVE-2012-4582. The vulnerability allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. The impact is administrative cr...

4.9CVSS6.6AI score0.00852EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.47 views

CVE-2012-4595

The CVE-2012-4595 entry concerns McAfee Email and Web Security (EWS) 5.5–Patch6 and 5.6–Patch3, and McAfee Email Gateway (MEG) 7.0.0–7.0.1, where remote attackers can bypass authentication to obtain an admin session ID. The connected document from Tenable (MCAFEE_WEBSHIELD_AUTH_BYPASS.NASL) descr...

7.5CVSS7.2AI score0.02525EPSS
CVE
CVE
added 2012/09/25 10:0 a.m.46 views

CVE-2012-4014

CVE-2012-4014 affects McAfee Email Anti-virus (formerly WebShield SMTP). The vulnerability enables remote denial of service via unspecified vectors; impact is DoS as described by multiple sources. Public details are consistent across NVD, Red Hat, JVN entries, and CVE listings. Remediation is not...

7.8CVSS6.8AI score0.01895EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.43 views

CVE-2012-4597

The CVE-2012-4597 entry describes a cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 (through Patch 6) and 5.6 (through Patch 3), and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue enables remote attackers to inject arbitrary web script or HTML via vector...

4.3CVSS5.8AI score0.01148EPSS