Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1424

The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.

Published

2011-05-24T23:55:02.777

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-16

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emc	sourceone_email_management	≤ 6.6.0.1209	Yes
Application	emc	sourceone_email_management	6.5.2.3668	Yes
Application	microsoft	exchange	*	No
Application	emc	sourceone_email_management	≤ 6.6.0.1209	Yes
Application	emc	sourceone_email_management	6.5.2.3668	Yes
Application	ibm	lotus_domino	*	No
Application	ibm	lotus_notes	*	No

References

http://securityreason.com/securityalert/8258 ([email protected])
http://www.securityfocus.com/archive/1/518003/100/0/threaded ([email protected])
http://securityreason.com/securityalert/8258 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/518003/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)