7 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session. Receive Service en Websense Email Security anterior a v7.1 no reconoce las extensiones de dominio en una lista negra (blacklist), lo cual permite a atacantes remotos saltarse las restricciones de acceso establecidas y enviar mensajes de correo electrónico a través de una sesión SMTP. • http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size. Rules Service en Websense Email Security anterior a v7.1 permite a atacantes remotos causar una denegación de servicio (caída del servicio) a través de un adjunto con un tamaño manipulado. • http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. Websense Email Security anterior a v7.1 Hotfix 4 permite a atacantes remotos evitar la lista negra de remitentes utilizando la palabra clave 8BITMIME EHLO en la sesión SMTP. • http://www.websense.com/support/article/t-kbarticle/Hotfix-4-for-Websense-Email-Security-v7-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

The Personal Email Manager component in Websense Email Security before 7.2 allows remote attackers to obtain potentially sensitive information from the JBoss status page via an unspecified query. El componente Personal Email Manager en Websense Email Security anterior a v7.2 permite a atacantes remotos obtener información sensible de la página de estado de JBoss a través de una consulta sin especificar. • http://www.websense.com/content/support/library/email/v72wes/release_notes/WES72_ReleaseNotes.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/78449 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. La configuración por defecto en el componente SMTP en Websense Email Security v6.1 hasta la v7.3 utiliza cifrado SSL débil en la clave de registro en "SurfControl plc\SuperScout Email Filter\SMTP", lo cual hace posible para un atacante remoto obtener información sensible por medio del pinchado de la red y la realización de un ataque por fuerza bruta contra los datos encriptados de la sesión. • http://www.securityfocus.com/bid/64758 http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments https://exchange.xforce.ibmcloud.com/vulnerabilities/78131 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •