Vulnerabilities > CVE-2015-6846 - Credentials Management vulnerability in EMC Sourceone Email Supervisor

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

emc

CWE-255

NVD

Published: 2015-10-18

Updated: 2016-12-08

Summary

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations.

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Sourceone Email Supervisor *	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html
http://seclists.org/bugtraq/2015/Oct/58
http://www.securitytracker.com/id/1033787