Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2116

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

Published

2010-05-28T20:30:01.597

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mcafee	email_gateway	6.7.1	Yes
Application	mcafee	secure_mail	6.7.1	Yes

References

http://osvdb.org/64832 Broken Link ([email protected])
http://secunia.com/advisories/39881 Vendor Advisory ([email protected])
http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf Exploit ([email protected])
http://www.securitytracker.com/id?1024018 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/1239 Vendor Advisory ([email protected])
http://osvdb.org/64832 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39881 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024018 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1239 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)