Session Token Exposure in McAfee Email and Web Security (EWS) and Email Gateway (MEG)

Session Token Exposure in McAfee Email and Web Security (EWS) and Email Gateway (MEG)

CVE-2012-4583 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard.

Learn more about our Web App Pen Testing.