CVE-2012-4595
https://notcve.org/view.php?id=CVE-2012-4595
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. McAfee Email y Web Security (EWS) v5.5 hasta Patch 6 y v5.6 hasta Patch 3, y McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, permite a atacantes remotos a evitar la autenticación y obtener una ID de sesión de administrador a través de vectores no especificados. • http://www.securitytracker.com/id?1027444 https://exchange.xforce.ibmcloud.com/vulnerabilities/77977 https://kc.mcafee.com/corporate/index?page=content&id=SB10026 • CWE-287: Improper Authentication •
CVE-2012-4596
https://notcve.org/view.php?id=CVE-2012-4596
Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, cuando está habilitado register_globals, permite a usuarios remotos autenticados a evitar las restricciones de acceso establecidas y descargar ficheros a través de una URL modificada. • http://www.securitytracker.com/id?1027444 https://kc.mcafee.com/corporate/index?page=content&id=SB10026 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •