CVE-2012-6452

Axway Email Firewall < 6.5.0 - Authentication Bypass

Title source: rule

Description

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.

References (3)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57457

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/81388

Scores

EPSS 0.0035

EPSS Percentile 57.0%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

axway/email_firewall

axway/secure_messenger < 6.5.0

axway/secure_messenger

Timeline

Published May 27, 2014

Tracked Since Feb 18, 2026