CVE-2012-4605

Websense Email Security 6.1-7.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78131
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758

Scores

EPSS 0.0135
EPSS Percentile 68.3%

Details

CWE
CWE-200
Status published
Products (4)
websense/websense_email_security 6.1 (2 CPE variants)
websense/websense_email_security 7.0
websense/websense_email_security 7.1
websense/websense_email_security 7.2
Published Aug 23, 2012
Tracked Since Feb 18, 2026