| Vulnerability Name: | CVE-2012-4583 (CCN-74006) |
| Assigned: | 2012-03-13 |
| Published: | 2012-03-13 |
| Updated: | 2012-11-20 |
| Summary: | McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) |
| | 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
| | 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-200 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: BUGTRAQ Type: UNKNOWN 20120329 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI |
| | Source: MITRE Type: CNA CVE-2012-4583 |
| | Source: CCN Type: SA48406 McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities |
| | Source: CCN Type: BID-52487 McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities |
| | Source: XF Type: UNKNOWN mcafee-email-dashboard-session-hijacking(74006) |
| | Source: CCN Type: SB10020 EWS 5.5, 5.6, and MEG 7 patches resolve multiple issues |
| | Source: CONFIRM Type: Vendor Advisory https://kc.mcafee.com/corporate/index?page=content&id=SB10020 |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |