Vulnerability Details CVE-2010-2116
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.6%
CVSS Severity
CVSS v2 Score 6.5
References
- http://osvdb.org/64832
- http://secunia.com/advisories/39881
- http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf
- http://www.securitytracker.com/id?1024018
- http://www.vupen.com/english/advisories/2010/1239
- http://osvdb.org/64832
- http://secunia.com/advisories/39881
- http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf
- http://www.securitytracker.com/id?1024018
- http://www.vupen.com/english/advisories/2010/1239
Products affected by CVE-2010-2116
-
cpe:2.3:a:mcafee:email_gateway:6.7.1
-
cpe:2.3:a:mcafee:secure_mail:6.7.1