CVE-2012-4586

McAfee EWS <5.5.6 & MEG <7.0.1 - Privilege Escalation

Title source: llm

Description

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10020

Scores

EPSS 0.0011

EPSS Percentile 29.3%

Classification

CWE

CWE-264

Status draft

Affected Products (4)

mcafee/email_and_web_security

mcafee/email_gateway

Timeline

Published Aug 22, 2012

Tracked Since Feb 18, 2026