CVE-2010-2116

Mcafee Email Gateway - Incorrect Permission Assignment

Title source: rule

Description

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

References (5)

[Broken Link] http://osvdb.org/64832

[Vendor Advisory] http://secunia.com/advisories/39881

[Exploit] http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024018

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/1239

Scores

EPSS 0.0054

EPSS Percentile 67.3%

Classification

CWE

CWE-732

Status draft

Affected Products (2)

mcafee/email_gateway

mcafee/secure_mail

Timeline

Published May 28, 2010

Tracked Since Feb 18, 2026