CVE-2012-4595
high
CVSS v3
—
CVSS v2
7.5
VIR risk
7.5
Description
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://kc.mcafee.com/corporate/index?page=content&id=SB10026
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mcafee | email_and_web_security | 5.5 | |
| mcafee | email_and_web_security | 5.6 | |
| mcafee | email_gateway | 7.0.0 | |
| mcafee | email_gateway | 7.0.1 | |
References
- http://www.securitytracker.com/id?1027444
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77977
- https://kc.mcafee.com/corporate/index?page=content&id=SB10026
- http://www.securitytracker.com/id?1027444
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77977
- https://kc.mcafee.com/corporate/index?page=content&id=SB10026
CWEs
CWE-287
Verify integrity in audit chain (admin only). AS-IS.