Lucene search
K
McafeeEmail Gateway

20 matches found

CVE
CVE
added 2020/09/16 1:20 a.m.68 views

CVE-2020-7268

CVE-2020-7268 affects McAfee Email Gateway (MEG) prior to version 7.6.406, where a path traversal vulnerability allows remote attackers to construct input that accesses files/directories outside the restricted directory. The issue stems from how external input is used to form file paths in the ME...

4.3CVSS4.6AI score0.00979EPSS
CVE
CVE
added 2009/04/30 8:0 p.m.60 views

CVE-2009-1348

CVE-2009-1348 affects McAfee antivirus products (VirusScan, Total Protection, Internet Security, SecurityShield for ISA Server/SharePoint, Security for Email Servers/Email Gateway, Active Virus Defense, etc.). The issue is a virus-detection bypass caused by malformed archive metadata in ZIP/RAR f...

7.6CVSS6.7AI score0.02835EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.55 views

CVE-2012-4585

CVE-2012-4585 affects McAfee Email and Web Security (EWS) 5.x prior to 5.5 Patch 6 and 5.6 prior to Patch 3, and McAfee Email Gateway (MEG) 7.0 prior to Patch 1. The vulnerability allows remote authenticated users to read arbitrary files via a crafted URL. The available documents do not provide e...

4CVSS6.4AI score0.00937EPSS
CVE
CVE
added 2013/11/02 9:0 p.m.55 views

CVE-2013-6349

The MEG vulnerability CVE-2013-6349 affects McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1. It allows remote authenticated users to execute arbitrary commands via unspecified vectors. The Connected documents corroborate the affected versions and the impact, but do not supply a r...

8.5CVSS7.4AI score0.02479EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.53 views

CVE-2012-4580

The CVE-2012-4580 issue affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. It is a cross-site scripting (XSS) vulnerability that allows a remote attacker to inject arbitrary web script or HTML via vectors r...

4.3CVSS5.8AI score0.01384EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.51 views

CVE-2012-4583

McAfee Email and Web Security (EWS) 5.x up to 5.5 Patch 6 and 5.6 up to Patch 3, and McAfee Email Gateway (MEG) 7.0 up to Patch 1 are affected. The issue lets remote authenticated users obtain other users’ session tokens by navigating within the Dashboard, due to a session-token exposure in the U...

4CVSS6.6AI score0.00937EPSS
CVE
CVE
added 2013/12/13 6:0 p.m.51 views

CVE-2013-7092

Summary (CVE-2013-7092, -7103, -7104) : McAfee Email Gateway (MEG) 7.6.x is affected by multiple vulnerabilities across the administrative web interface. The primary issue for CVE-2013-7092 is unaffiltered input in the JSON keys (events_col, event_id, reason, events_order, emailstatus_order, emai...

6.5CVSS8.1AI score0.01898EPSS
Web
CVE
CVE
added 2013/12/14 5:0 p.m.51 views

CVE-2013-7104

McAfee Email Gateway 7.6 is affected by CVE-2013-7104, where remote authenticated administrators can execute arbitrary commands by supplying them in the value attribute of the Command or Script XML elements. This issue can be chained with CVE-2013-7092 to enable broader command execution. Connect...

9CVSS7.3AI score0.04316EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.50 views

CVE-2012-4581

The vulnerability CVE-2012-4581 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The root cause is that the server-side session token is not invalidated when the Management Console/Dashboard is closed, en...

6.8CVSS6.9AI score0.01209EPSS
CVE
CVE
added 2015/02/17 3:0 p.m.50 views

CVE-2015-1619

CVE-2015-1619 affects McAfee Email Gateway (MEG) Secure Web Mail Client UI. Multiple sources describe an XSS vulnerability in the UI that permits remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. Affected versions include MEG 7.6.x before...

3.5CVSS5.4AI score0.0108EPSS
CVE
CVE
added 2016/04/06 6:0 p.m.50 views

CVE-2016-3969

McAfee Email Gateway (MEG) 7.6.x prior to 7.6.404 is affected by a cross-site scripting (XSS) vulnerability when File Filtering is enabled and the action is ESERVICES:REPLACE. An unauthenticated, remote attacker can exploit this by sending an attachment in a blocked email to trigger script execut...

6.1CVSS6AI score0.01009EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.49 views

CVE-2012-4596

CVE-2012-4596 is a directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 . The issue allows remote authenticated users to bypass access restrictions and download arbitrary files via a crafted URL, potentially impacting confidentiality. The documents explicitly describe t...

4.3CVSS6.4AI score0.02588EPSS
CVE
CVE
added 2017/03/14 10:0 p.m.48 views

CVE-2016-8005

CVE-2016-8005 is a file-extension filtering vulnerability in Intel Security McAfee Email Gateway (MEG) prior to 7.6.404h1128596. An attacker can bypass proper filename detection by forging a filename with a null byte in the extension, as described in NVD and relatedOpenVAS entries. Affected produ...

6.5CVSS6.3AI score0.00719EPSS
CVE
CVE
added 2010/05/28 8:0 p.m.47 views

CVE-2010-2116

The affected product is McAfee Email Gateway (formerly IronMail) version 6.7.1. The vulnerability is in the web interface, where remote authenticated users with only Read privileges can gain Write privileges by sending a direct request to admin/systemWebAdminConfig.do via the save action, allowin...

6.5CVSS6.7AI score0.02307EPSS
Web
CVE
CVE
added 2012/08/22 10:0 a.m.47 views

CVE-2012-4586

CVE-2012-4586 affects McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6, and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: remote authenticated users can cause a file request to be processed with root privileges, bypassing intended permission checks. T...

3.5CVSS6.5AI score0.00915EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.46 views

CVE-2012-4582

McAfee EWS 5.x (before 5.5 Patch 6) and 5.6 (before Patch 3), and McAfee MEG 7.0 (before Patch 1) are affected by CVE-2012-4582. The vulnerability allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. The impact is administrative cr...

4.9CVSS6.6AI score0.00852EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.46 views

CVE-2012-4584

McAfee products affected: Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3; McAfee Email Gateway (MEG) 7.0 before Patch 1. The issue: backups are not properly encrypted, enabling remote authenticated users to read a backup file and obtain sensitive data such as password ...

3.5CVSS6.1AI score0.00852EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.46 views

CVE-2012-4595

The CVE-2012-4595 entry concerns McAfee Email and Web Security (EWS) 5.5–Patch6 and 5.6–Patch3, and McAfee Email Gateway (MEG) 7.0.0–7.0.1, where remote attackers can bypass authentication to obtain an admin session ID. The connected document from Tenable (MCAFEE_WEBSHIELD_AUTH_BYPASS.NASL) descr...

7.5CVSS7.2AI score0.02525EPSS
CVE
CVE
added 2013/12/14 5:0 p.m.46 views

CVE-2013-7103

CVE-2013-7103 affects McAfee Email Gateway 7.6. Remote authenticated administrators can execute arbitrary commands by injecting shell metacharacters in the value attribute of a TestFile XML element or in the hostname. This is a command-injection in the administrative web interface and can be comb...

9CVSS7.3AI score0.04316EPSS
CVE
CVE
added 2012/08/22 10:0 a.m.43 views

CVE-2012-4597

The CVE-2012-4597 entry describes a cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 (through Patch 6) and 5.6 (through Patch 3), and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1. The issue enables remote attackers to inject arbitrary web script or HTML via vector...

4.3CVSS5.8AI score0.01148EPSS