Multiple Vulnerabilities in McAfee Email Gateway

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35053	2012-B-0119	SV-46317r2_rule	ECMT-1 ECMT-2 VIVM-1	Medium

Description
McAfee has released a security advisory addressing multiple vulnerabilities in Email Gateway. McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single appliance. To exploit these vulnerabilities, an attacker creates and sends a malicious email with attachments to a user and convinces them to interact with the attachments. If successfully exploited, the attacker would gain the ability to cause a denial of service condition or perform cross-site scripting attacks on the affected system.<br><br> At this time, there are known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. <br><br>

Description

McAfee has released a security advisory addressing multiple vulnerabilities in Email Gateway. McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single appliance. To exploit these vulnerabilities, an attacker creates and sends a malicious email with attachments to a user and convinces them to interact with the attachments. If successfully exploited, the attacker would gain the ability to cause a denial of service condition or perform cross-site scripting attacks on the affected system.<br><br> At this time, there are known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD related incidents. <br><br>

STIG	Date
VMware ESXi Server 5.0 Security Technical Implementation Guide	2013-09-12

Details

Check Text ( None )
None

Fix Text (None)
None