CVE-2011-1424

Name of the Vulnerable Software and Affected Versions EMC SourceOne Email Management versions prior to 6.6 SP1

Description The issue arises from the default configuration of ExShortcutWeb.config in EMC SourceOne Email Management, specifically when the Mobile Services component is utilized. The localOnly attribute of the trace element is not properly set, allowing remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

Recommendations For versions prior to 6.6 SP1, update to version 6.6 SP1 or later to resolve the issue. As a temporary workaround, consider setting the localOnly attribute of the trace element to true in the ExShortcutWeb.config file to restrict access to ASP.NET Application Tracing.