SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Encryption Management Server (PGP Universal Server) Vendors:   Symantec
Symantec Encryption Management Server Lets Remote Authenticated Console Users Obtain a User's Outbound Email
SecurityTracker Alert ID:  1029729
SecurityTracker URL:  http://securitytracker.com/id/1029729
CVE Reference:   CVE-2014-1643   (Links to External Site)
Date:  Feb 6 2014
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.3.2
Description:   A vulnerability was reported in Symantec Encryption Management Server. A remote authenticated user can view a target user's outbound email messages.

A remote authenticated web console user can exploit an access control flaw in the Web Email Protection component to view an arbitrary user's stored outbound email messages.

This product is formerly known as Symantec PGP Universal Server.

Richard O'Donnell (via Portcullis Computer Security Ltd.) reported this vulnerability.

Impact:   A remote authenticated user can view a target user's outbound email messages.
Solution:   The vendor has issued a fix (3.3.2).

The vendor's advisory is available at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00

Vendor URL:  www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00 (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC