CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4595
https://notcve.org/view.php?id=CVE-2012-4595
22 Aug 2012 — McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. McAfee Email y Web Security (EWS) v5.5 hasta Patch 6 y v5.6 hasta Patch 3, y McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, permite a atacantes remotos a evitar la autenticación y obtener una ID de sesión de administrador a través de vectores no especificados. • http://www.securitytracker.com/id?1027444 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4596
https://notcve.org/view.php?id=CVE-2012-4596
22 Aug 2012 — Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, cuando está habilitado register_globals, permite a usuarios remotos autenticados a evitar las restricciones de acceso establecidas y descargar ficheros a través de una URL modificada. • http://www.securitytracker.com/id?1027444 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4597
https://notcve.org/view.php?id=CVE-2012-4597
22 Aug 2012 — Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en McAfee Email y Web Security (EWS) v5.5 hasta Patch 6 y v5.6 hasta Patch 3, y McAfee Email Gateway (MEG) v7.0.0 ... • http://www.securitytracker.com/id?1027444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •