CVE-2010-2116

CVE-2010-2116

EPSS 2.3%

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://osvdb.org/64832 http://secunia.com/advisories/39881 http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf http://www.securitytracker.com/id?1024018 http://www.vupen.com/english/advisories/2010/1239