CVE-2011-1424
Severity Score
3.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
La configuración por defecto de ExShortcut\Web.config en EMC SourceOne Email Management anteriores a v6.6 Service Pack 1, cuando se utiliza el componente Mobile Services, no fija de forma adecuada el atributo localOnly de la traza del elemento, lo que permite a usuarios remotos autenticados a obtener información sensible a través de la aplicación ASP.NET Application Tracing.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-03-14 CVE Reserved
- 2011-05-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/8258 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/518003/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | <= 6.6.0.1209 Search vendor "Emc" for product "Sourceone Email Management" and version " <= 6.6.0.1209" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Exchange Search vendor "Microsoft" for product "Exchange" | * | - |
Safe
|
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | 6.5.2.3668 Search vendor "Emc" for product "Sourceone Email Management" and version "6.5.2.3668" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Exchange Search vendor "Microsoft" for product "Exchange" | * | - |
Safe
|
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | <= 6.6.0.1209 Search vendor "Emc" for product "Sourceone Email Management" and version " <= 6.6.0.1209" | - |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | * | - |
Safe
|
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | <= 6.6.0.1209 Search vendor "Emc" for product "Sourceone Email Management" and version " <= 6.6.0.1209" | - |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | * | - |
Safe
|
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | 6.5.2.3668 Search vendor "Emc" for product "Sourceone Email Management" and version "6.5.2.3668" | - |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Domino Search vendor "Ibm" for product "Lotus Domino" | * | - |
Safe
|
| Emc Search vendor "Emc" | Sourceone Email Management Search vendor "Emc" for product "Sourceone Email Management" | 6.5.2.3668 Search vendor "Emc" for product "Sourceone Email Management" and version "6.5.2.3668" | - |
Affected
| in | Ibm Search vendor "Ibm" | Lotus Notes Search vendor "Ibm" for product "Lotus Notes" | * | - |
Safe
|