Description
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
References (2)
Core 2
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10020
Scores
EPSS
0.0026
EPSS Percentile
49.5%
Details
CWE
CWE-200
Status
published
Products (4)
mcafee/email_and_web_security
5.0
mcafee/email_and_web_security
5.5
mcafee/email_and_web_security
5.6
mcafee/email_gateway
7.0
Published
Aug 22, 2012
Tracked Since
Feb 18, 2026