CVE-2012-4582

McAfee EWS <5.5.6 & MEG <7.0.1 - Auth Bypass

Title source: llm

Description

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.

References (2)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-03/0160.html

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10020

Scores

EPSS 0.0022

EPSS Percentile 44.8%

Classification

CWE

CWE-264

Status draft

Affected Products (4)

mcafee/email_and_web_security

mcafee/email_gateway

Timeline

Published Aug 22, 2012

Tracked Since Feb 18, 2026