Vulnerability Description
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Email Gateway | 6.7.1 |
| Mcafee | Secure Mail | 6.7.1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/64832Broken Link
- http://secunia.com/advisories/39881Vendor Advisory
- http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_AccesExploit
- http://www.securitytracker.com/id?1024018Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2010/1239Vendor Advisory
- http://osvdb.org/64832Broken Link
- http://secunia.com/advisories/39881Vendor Advisory
- http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_AccesExploit
- http://www.securitytracker.com/id?1024018Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2010/1239Vendor Advisory
FAQ
What is CVE-2010-2116?
CVE-2010-2116 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action i...
How severe is CVE-2010-2116?
CVE-2010-2116 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2116?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Email Gateway, Mcafee Secure Mail.