CVE-2012-4591

About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/78221
https://kc.mcafee.com/corporate/index?page=content&id=SB10022	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/78221
https://kc.mcafee.com/corporate/index?page=content&id=SB10022	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:enterprise_mobility_manager::::::::
	cpe:2.3:a:mcafee:enterprise_mobility_manager:4.7:::::::*

History

21 Nov 2024, 01:43

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/78221 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/78221 -
References	~~() https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - Vendor Advisory~~	() https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - Vendor Advisory

Information

Published : 2012-08-22 10:42

Updated : 2024-11-21 01:43

NVD link : CVE-2012-4591

Mitre link : CVE-2012-4591

CVE.ORG link : CVE-2012-4591

JSON object : View

Products Affected

mcafee

enterprise_mobility_manager

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2012-4591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-08-22T10:42:05.240", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78221", "source": "cve@mitre.org"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78221", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page."}, {"lang": "es", "value": "About.aspx en el Portal de McAfee Enterprise Mobility Manager (EMM) anterior a v10,0 comunica el nombre de la cuenta de usuario para un proceso de trabajo de IIS, lo que permite a atacantes remotos obtener informaci\u00f3n sensible visitando esa p\u00e1gina."}], "lastModified": "2024-11-21T01:43:12.567", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C31861-243D-4236-8DDF-67329AC63391", "versionEndIncluding": "9.6"}, {"criteria": "cpe:2.3:a:mcafee:enterprise_mobility_manager:4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EFFC4A8-98F5-4289-A409-9CE63F6BFB75"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}