CVE-2012-4583

McAfee EWS <5.5.6 & MEG <7.0.1 - Info Disclosure

Title source: llm

Description

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

References (2)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10020

Scores

EPSS 0.0026

EPSS Percentile 49.2%

Classification

CWE

CWE-200

Status draft

Affected Products (4)

mcafee/email_and_web_security

mcafee/email_gateway

Timeline

Published Aug 22, 2012

Tracked Since Feb 18, 2026