CVE-2012-4584

low

Published 2012-08-22 · Modified 2026-04-29

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kc.mcafee.com/corporate/index?page=content&id=SB10020

Application impact

Vendor	Product	Versions
mcafee	email_and_web_security	`5.0`
mcafee	email_and_web_security	`5.5`
mcafee	email_and_web_security	`5.6`
mcafee	email_gateway	`7.0`

References

http://archives.neohapsis.com/archives/bugtraq/2012-03/0162.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10020
http://archives.neohapsis.com/archives/bugtraq/2012-03/0162.html
https://kc.mcafee.com/corporate/index?page=content&id=SB10020

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.