Описание
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:email_and_web_security:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_and_web_security:5.5:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_and_web_security:5.6:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:email_gateway:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00162
Низкий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
EPSS
Процентиль: 38%
0.00162
Низкий
4 Medium
CVSS2
Дефекты
CWE-200