- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12658
- Проверка EDB
-
- Пройдено
- Автор
- NAHUEL GRISOLIA
- Тип уязвимости
- WEBAPPS
- Платформа
- FREEBSD
- CVE
- N/A
- Дата публикации
- 2010-05-19
Код:
Advisory Name:Web Administration Broken Access Control in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Broken Access Control
Release Date: May 19, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium – CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Researcher: Nahuel Grisolía from Cybsec Labs
Vendor Status: Vendor was informed. A patch is being developed.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
Vulnerability Description:
Ironmail was found to allow Web Access users to execute arbitrary actions with Write rights, due to an
improper profile check.
===========
Download:
===========
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12658.pdf (cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf)- Источник
- www.exploit-db.com
