CVE-2012-4594
published 2012-08-22
CVE-2012-4594: McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information…
Priority: P417 · medium · 4 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS: 0.97% (57.3th percentile)
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | epolicy_orchestrator | <= 4.6.1 | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
| mcafee | epolicy_orchestrator | — | — |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-v27p-mv6r-mg8c: McAfee ePolicy Orchestrator (ePO) 4
ghsa_unreviewed·2022-05-17
CVE-2012-4594 [MEDIUM] GHSA-v27p-mv6r-mg8c: McAfee ePolicy Orchestrator (ePO) 4
Red Hat
kernel: send(m)msg: user pointer dereferences
vendor_redhat·2011-08-25·CVSS 5.5
CVE-2011-4594 [MEDIUM] kernel: send(m)msg: user pointer dereferences
The __sys_sendmsg function in net/socket.c in the Linux kernel before 3.1 allows local users to cause a denial of service (system crash) via crafted use of the sendmmsg system call, leading to an incorrect pointer dereference.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG as they did not provide support for the sendmmsg syscall. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 5) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.