6.5

CVE-2010-2116

Exploit
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
McafeeEmail Gateway Version6.7.1
McafeeSecure Mail Version6.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.31% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://osvdb.org/64832
Broken Link
http://secunia.com/advisories/39881
Vendor Advisory
http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf
Exploit
http://www.securitytracker.com/id?1024018
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2010/1239
Vendor Advisory