Symantec Encryption Management Server Lets Remote Authenticated Console Users Obtain a User's Outbound Email
|
SecurityTracker Alert ID: 1029729 |
SecurityTracker URL: http://securitytracker.com/id/1029729
|
CVE Reference:
CVE-2014-1643
|
Date: Feb 6 2014
|
Impact:
Disclosure of user information
|
Fix Available: Yes
|
Vendor Confirmed: Yes
|
Version(s): prior to 3.3.2
|
Description:
A vulnerability was reported in Symantec Encryption Management Server. A remote authenticated user can view a target user's outbound email messages.
A remote authenticated web console user can exploit an access control flaw in the Web Email Protection component to view an arbitrary user's stored outbound email messages.
This product was formerly known as Symantec PGP Universal Server.
Richard O'Donnell (via Portcullis Computer Security Ltd.) reported this vulnerability.
|
Impact:
A remote authenticated user can view a target user's outbound email messages.
|
Solution:
The vendor has issued a fix (3.3.2).
The vendor's advisory is available at:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00
|
Vendor URL: www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140205_00
|
Cause:
Access control error
|
Message History:
None.