Web Email Protection Vulnerability in Symantec Encryption Management Server
CVE-2014-1643

Currently unrated

Key Information:

Vendor: Symantec
Status: Encryption Management Server
Vendor: CVE Published:; 7 February 2014

Summary

The Web Email Protection component in Symantec Encryption Management Server prior to version 3.3.2 is vulnerable to a security flaw that enables remote authenticated users to access and read the stored outbound email messages of other users through a specially crafted URL. This loophole poses significant risks, as it compromises the confidentiality of sensitive communications and allows unauthorized access to private data.

References

http://www.securitytracker.com/id/1029729

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/65300

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 7, 2014
Vulnerability Reserved
Jan 23, 2014