Session Token Exposure in McAfee Email and Web Security Products
CVE-2012-4583

Currently unrated

Key Information:

Vendor: Mcafee
Status: Email And Web Security; Email Gateway
Vendor: CVE Published:; 22 August 2012

Summary

A security vulnerability in McAfee Email and Web Security versions prior to 5.5 Patch 6 and 5.6 Patch 3, as well as McAfee Email Gateway version 7.0 before Patch 1, allows remote authenticated users to access the session tokens of other users via navigational actions within the Dashboard. This exploit can facilitate unauthorized access to sensitive user sessions, posing significant privacy and security risks for organizations using these products.

References

http://archives.neohapsis.com/archives/bugtraq/2012-03/01...

mailing-listx_refsource_BUGTRAQ

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 22, 2012
Vulnerability Reserved
Aug 22, 2012