CVE-2012-6452

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html
http://www.securityfocus.com/bid/57457
https://exchange.xforce.ibmcloud.com/vulnerabilities/81388

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:axway:email_firewall:-:::::::*
	cpe:2.3:a:axway:secure_messenger::::::::
	cpe:2.3:a:axway:secure_messenger:6.3.2:::::::*

History

No history.

Information

Published : 2014-05-27 14:55

Updated : 2024-02-04 18:35

NVD link : CVE-2012-6452

Mitre link : CVE-2012-6452

CVE.ORG link : CVE-2012-6452

JSON object : View

Products Affected

axway

email_firewall
secure_messenger

CWE

CWE-287

Improper Authentication

{"id": "CVE-2012-6452", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-05-27T14:55:03.323", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/57457", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests."}, {"lang": "es", "value": "Axway Secure Messenger anterior a 6.5 Updated Release 7, utilizado en Axway Email Firewall, proporciona respuestas diferentes a solicitudes de autenticaci\u00f3n dependiendo de si el usuario existe, lo que permite a atacantes remotos enumerar usuarios a trav\u00e9s de una serie de solicitudes."}], "lastModified": "2017-08-29T01:32:56.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axway:email_firewall:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9ECB570C-C0AB-4BE9-B252-3999C76B5820"}, {"criteria": "cpe:2.3:a:axway:secure_messenger:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B166EECB-E2A4-4E39-BCDB-33175A8C44F4", "versionEndIncluding": "6.5.0"}, {"criteria": "cpe:2.3:a:axway:secure_messenger:6.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B07085D5-3101-4715-A64C-5465C5D2B9AD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}