PT-2012-5491 · Mcafee · Mcafee Email/Web Security+1

Published

2012-08-22

Updated

2012-11-20

CVE-2012-4583

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions McAfee Email and Web Security (EWS) versions 5.x through 5.5 before Patch 6 McAfee Email and Web Security (EWS) version 5.6 before Patch 3 McAfee Email Gateway (MEG) versions 7.0 before Patch 1

Description The issue allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Recommendations For McAfee Email and Web Security (EWS) versions 5.x through 5.5, apply Patch 6 to resolve the issue. For McAfee Email and Web Security (EWS) version 5.6, apply Patch 3 to resolve the issue. For McAfee Email Gateway (MEG) version 7.0, apply Patch 1 to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-4583

Affected Products

Mcafee Email Gateway

Mcafee Email/Web Security

PT-2012-5491 · Mcafee · Mcafee Email/Web Security+1

CVE-2012-4583

Weakness Enumeration

Related Identifiers

Affected Products

References · 3