Vulnerabilities > Mcafee

DATE CVE VULNERABILITY TITLE RISK
2012-08-22 CVE-2012-4591 Information Exposure vulnerability in Mcafee Enterprise Mobility Manager 4.7
About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.
network
low complexity
mcafee CWE-200
5.0
2012-08-22 CVE-2012-4590 Cross-Site Scripting vulnerability in Mcafee Enterprise Mobility Manager 4.7
Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.
network
mcafee CWE-79
4.3
2012-08-22 CVE-2012-4589 Unspecified vulnerability in Mcafee Enterprise Mobility Manager 4.7
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
local
low complexity
mcafee
2.1
2012-08-22 CVE-2012-4588 Credentials Management vulnerability in Mcafee products
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.
network
mcafee CWE-255
4.3
2012-08-22 CVE-2012-4587 Permissions, Privileges, and Access Controls vulnerability in Mcafee products
McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device.
network
mcafee CWE-264
3.5
2012-08-22 CVE-2012-4586 Permissions, Privileges, and Access Controls vulnerability in Mcafee Email and web Security and Email Gateway
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file.
network
mcafee CWE-264
3.5
2012-08-22 CVE-2012-4585 Permissions, Privileges, and Access Controls vulnerability in Mcafee Email and web Security and Email Gateway
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL.
network
low complexity
mcafee CWE-264
4.0
2012-08-22 CVE-2012-4584 Cryptographic Issues vulnerability in Mcafee Email and web Security and Email Gateway
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes.
network
mcafee CWE-310
3.5
2012-08-22 CVE-2012-4583 Information Exposure vulnerability in Mcafee Email and web Security and Email Gateway
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.
network
low complexity
mcafee CWE-200
4.0
2012-08-22 CVE-2012-4582 Permissions, Privileges, and Access Controls vulnerability in Mcafee Email and web Security and Email Gateway
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
network
mcafee CWE-264
4.9