Description
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
References (2)
Core 2
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8258
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/518003/100/0/threaded
Scores
EPSS
0.0016
EPSS Percentile
36.7%
Details
CWE
CWE-16
Status
published
Products (2)
emc/sourceone_email_management
6.5.2.3668
emc/sourceone_email_management
< 6.6.0.1209
Published
May 24, 2011
Tracked Since
Feb 18, 2026