Email And Web Security@5.5 Security Vulnerabilities and Issues — Email And Web Security@5.5 CVE List

Lucene search

McafeeEmail And Web Security5.5

10 matches found

CVE•added 2012/08/22 10:42 a.m.•39 views

CVE-2012-4585

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.

4CVSS6.4AI score0.00162EPSS

CVE•added 2012/08/22 10:42 a.m.•37 views

CVE-2012-4580

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Manag...

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2012/08/22 10:42 a.m.•37 views

CVE-2012-4583

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

4CVSS6.6AI score0.00162EPSS

CVE•added 2012/08/22 10:42 a.m.•36 views

CVE-2012-4581

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by...

6.8CVSS6.9AI score0.00365EPSS

CVE•added 2012/08/22 10:42 a.m.•33 views

CVE-2012-4582

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.

4.9CVSS6.6AI score0.00157EPSS

CVE•added 2012/08/22 10:42 a.m.•33 views

CVE-2012-4584

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demon...

3.5CVSS6.1AI score0.00162EPSS

CVE•added 2012/08/22 10:42 a.m.•33 views

CVE-2012-4586

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.

3.5CVSS6.5AI score0.00156EPSS

CVE•added 2012/09/25 11:7 a.m.•32 views

CVE-2012-4014

Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors.

7.8CVSS6.8AI score0.00453EPSS

CVE•added 2012/08/22 10:42 a.m.•30 views

CVE-2012-4595

McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.

7.5CVSS7.2AI score0.0035EPSS

CVE•added 2012/08/22 10:42 a.m.•30 views

CVE-2012-4597

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management...

4.3CVSS5.8AI score0.00296EPSS