CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4014
https://notcve.org/view.php?id=CVE-2012-4014
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en McAfee Email Anti-virus (formalmente WebShield SMTP) permite a atacantes remotos provocar una denegación de servicio a través de vectores desconocidos. • http://jvn.jp/en/jp/JVN50701493/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2012-000086 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4585
https://notcve.org/view.php?id=CVE-2012-4585
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten leer archivos de su elección a usuarios remotos autenticados a través de una URL maliciosa. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0163.html https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4597
https://notcve.org/view.php?id=CVE-2012-4597
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en McAfee Email y Web Security (EWS) v5.5 hasta Patch 6 y v5.6 hasta Patch 3, y McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través vectores relacionados con McAfee Security Appliance Management Console/Dashboard. • http://www.securitytracker.com/id?1027444 https://exchange.xforce.ibmcloud.com/vulnerabilities/77979 https://kc.mcafee.com/corporate/index?page=content&id=SB10026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4583
https://notcve.org/view.php?id=CVE-2012-4583
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. McAfee Email and Web Security v5.x (EWS) antes de v5.5 Patch 6 y v5.6 antes de la revisión 3 y McAfee Email Gateway (MEG) v7.0 antes de la revisión 1 permiten a usuarios remotos autenticados obtener tokens de sesión de usuarios de su elección, navegando en el 'Dashboard'. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html https://kc.mcafee.com/corporate/index?page=content&id=SB10020 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-4595
https://notcve.org/view.php?id=CVE-2012-4595
McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. McAfee Email y Web Security (EWS) v5.5 hasta Patch 6 y v5.6 hasta Patch 3, y McAfee Email Gateway (MEG) v7.0.0 y v7.0.1, permite a atacantes remotos a evitar la autenticación y obtener una ID de sesión de administrador a través de vectores no especificados. • http://www.securitytracker.com/id?1027444 https://exchange.xforce.ibmcloud.com/vulnerabilities/77977 https://kc.mcafee.com/corporate/index?page=content&id=SB10026 • CWE-287: Improper Authentication •