CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-8274
https://notcve.org/view.php?id=CVE-2020-8274
06 Jan 2021 — Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. Citrix Secure Mail para Android versiones anteriores a 20.11.0, sufre de un Control Inapropiado de la Generación de Código ("Code Injection") al permitir el acceso no ... • https://support.citrix.com/article/CTX286763 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8275
https://notcve.org/view.php?id=CVE-2020-8275
06 Jan 2021 — Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. Citrix Secure Mail para Android versiones anteriores a 20.11.0, sufre de un control de acceso inapropiado permitiendo el acceso no autenticado para leer datos limitados relacionad... • https://support.citrix.com/article/CTX286763 • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2010-2116
https://notcve.org/view.php?id=CVE-2010-2116
28 May 2010 — The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do. La interfaz web en McAfee Email Gateway (formerly IronMail) v6.7.1 permite a usuarios autenticados remotamente, sólo con privilegios de lectura, obtener prvilegios de escritura modificando la configuración a través de una acción "save" en una petición directa... • http://osvdb.org/64832 • CWE-732: Incorrect Permission Assignment for Critical Resource •