PT-2012-5491 · Mcafee · Mcafee Email/Web Security+1

Publicado

2012-08-22

Atualizado

2012-11-20

CVE-2012-4583

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions McAfee Email and Web Security (EWS) versions 5.x through 5.5 before Patch 6 McAfee Email and Web Security (EWS) version 5.6 before Patch 3 McAfee Email Gateway (MEG) versions 7.0 before Patch 1

Description The issue allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Recommendations For McAfee Email and Web Security (EWS) versions 5.x through 5.5, apply Patch 6 to resolve the issue. For McAfee Email and Web Security (EWS) version 5.6, apply Patch 3 to resolve the issue. For McAfee Email Gateway (MEG) version 7.0, apply Patch 1 to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2012-4583

Produtos afetados

Mcafee Email Gateway

Mcafee Email/Web Security

PT-2012-5491 · Mcafee · Mcafee Email/Web Security+1

CVE-2012-4583

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3