Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)

vendor:

Email Gateway

by:

Nahuel Grisolía

1,7

CVSS

LOW

Information Disclosure

N/A

CWE

Product Name: Email Gateway

Affected Version From: Secure Mail (Ironmail) ver.6.7.1

Affected Version To: Secure Mail (Ironmail) ver.6.7.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: FreeBSD 6.2 / Apache-Coyote 1.1

2010

Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)

Some files that allow to obtain usernames and other internal information can be read by any user inside the CLI.

Mitigation:

Install McAfee Email Gateway 6.7.2 Hotfix 2.

Source

Exploit-DB raw data:

Advisory Name: Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Information Disclosure
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Low – CVSS: 1.7 (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Researcher: Nahuel Grisolía

Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Some files that allow to obtain usernames and other internal information can be read by any user inside
the CLI.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12091.pdf (cybsec_advisory_2010_0403.pdf)