PT-2012-5492 · Mcafee · Mcafee Email/Web Security+1
Published
2012-08-22
·
Updated
2012-10-30
·
CVE-2012-4584
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
McAfee Email and Web Security (EWS) versions 5.x through 5.5 before Patch 6
McAfee Email and Web Security (EWS) version 5.6 before Patch 3
McAfee Email Gateway (MEG) version 7.0 before Patch 1
Description
The issue allows remote authenticated users to obtain sensitive information by reading a backup file. This is because the system-backup data is not properly encrypted, making it easier for attackers to access sensitive information, such as password hashes.
Recommendations
For McAfee Email and Web Security (EWS) versions 5.x through 5.5, apply Patch 6 to resolve the issue.
For McAfee Email and Web Security (EWS) version 5.6, apply Patch 3 to resolve the issue.
For McAfee Email Gateway (MEG) version 7.0, apply Patch 1 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcafee Email Gateway
Mcafee Email/Web Security