ID

VAR-201208-0296


CVE

CVE-2012-4605


TITLE

Vulnerability in the SMTP component of Websense Email Security that allows important information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-003852

DESCRIPTION

The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. Websense Email Security is an email security solution. Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.

Trust: 2.61

sources: NVD: CVE-2012-4605 // JVNDB: JVNDB-2012-003852 // CNVD: CNVD-2012-4464 // BID: 59313 // IVD: 771d9c52-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.8

sources: IVD: 771d9c52-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4464

AFFECTED PRODUCTS

vendor: websense model: email security scope: eq version: 7.2

Trust: 1.9

vendor: websense model: email security scope: eq version: 7.1

Trust: 1.9

vendor: websense model: email security scope: eq version: 6.1

Trust: 1.6

vendor: websense model: email security scope: eq version: 7.0

Trust: 1.6

vendor: web sense model: websense email security scope: eq version: 6.1 to 7.3

Trust: 0.8

vendor: oracle model: fusion middleware scope: eq version: of oracle forms and reports 11.1.2.1

Trust: 0.8

vendor: oracle model: http server scope: eq version: 11.1.1.6.0

Trust: 0.8

vendor: oracle model: http server scope: eq version: 11.1.1.7.0

Trust: 0.8

vendor: websense model: email security scope: eq version: 6.1-7.3

Trust: 0.6

vendor: websense email security model: - scope: eq version: 6.1

Trust: 0.4

vendor: websense model: email security hotfix scope: eq version: 7.14

Trust: 0.3

vendor: websense email security model: - scope: eq version: 7.0

Trust: 0.2

vendor: websense email security model: - scope: eq version: 7.1

Trust: 0.2

vendor: websense email security model: - scope: eq version: 7.2

Trust: 0.2

sources: IVD: 771d9c52-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4464 // BID: 59313 // JVNDB: JVNDB-2012-003852 // CNNVD: CNNVD-201208-449 // NVD: CVE-2012-4605

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4605
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4605
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-449
value: MEDIUM

Trust: 0.6

IVD: 771d9c52-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2012-4605
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 771d9c52-2353-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 771d9c52-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-003852 // CNNVD: CNNVD-201208-449 // NVD: CVE-2012-4605

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2012-003852 // NVD: CVE-2012-4605

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-449

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201208-449

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003852

PATCH

title: Oracle Critical Patch Update Advisory - January 2014 url: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

Trust: 0.8

title: Text Form of Oracle Critical Patch Update - January 2014 Risk Matrices url: http://www.oracle.com/technetwork/topics/security/cpujan2014verbose-1972951.html

Trust: 0.8

title: January 2014 Critical Patch Update Released url: https://blogs.oracle.com/security/entry/january_2014_critical_patch_update

Trust: 0.8

title: 000005836 url: http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments

Trust: 0.8

title: Patch for Websense Email Security Weak Encryption Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/20733

Trust: 0.6

sources: CNVD: CNVD-2012-4464 // JVNDB: JVNDB-2012-003852

EXTERNAL IDS

db: NVD id: CVE-2012-4605

Trust: 3.5

db: BID id: 64758

Trust: 1.0

db: CNVD id: CNVD-2012-4464

Trust: 0.8

db: CNNVD id: CNNVD-201208-449

Trust: 0.8

db: JVNDB id: JVNDB-2012-003852

Trust: 0.8

db: BID id: 59313

Trust: 0.3

db: IVD id: 771D9C52-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 771d9c52-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-4464 // BID: 59313 // JVNDB: JVNDB-2012-003852 // CNNVD: CNNVD-201208-449 // NVD: CVE-2012-4605

REFERENCES

url:http://www.websense.com/support/article/kbarticle/ssl-tls-weak-and-export-ciphers-detected-in-websense-email-security-deployments

Trust: 2.2

url:http://www.securityfocus.com/bid/64758

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/78131

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4605

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4605

Trust: 0.8

url:http://www.websense.com

Trust: 0.3

sources: CNVD: CNVD-2012-4464 // BID: 59313 // JVNDB: JVNDB-2012-003852 // CNNVD: CNNVD-201208-449 // NVD: CVE-2012-4605

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59313

SOURCES

db: IVD id: 771d9c52-2353-11e6-abef-000c29c66e3d
db: CNVD id: CNVD-2012-4464
db: BID id: 59313
db: JVNDB id: JVNDB-2012-003852
db: CNNVD id: CNNVD-201208-449
db: NVD id: CVE-2012-4605

LAST UPDATE DATE

2025-04-11T21:19:02.744000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2012-4464 date: 2012-08-28T00:00:00
db: BID id: 59313 date: 2014-01-16T00:42:00
db: JVNDB id: JVNDB-2012-003852 date: 2014-01-22T00:00:00
db: CNNVD id: CNNVD-201208-449 date: 2012-08-24T00:00:00
db: NVD id: CVE-2012-4605 date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD id: 771d9c52-2353-11e6-abef-000c29c66e3d date: 2012-08-28T00:00:00
db: CNVD id: CNVD-2012-4464 date: 2012-08-28T00:00:00
db: BID id: 59313 date: 2012-08-23T00:00:00
db: JVNDB id: JVNDB-2012-003852 date: 2012-08-24T00:00:00
db: CNNVD id: CNNVD-201208-449 date: 2012-08-24T00:00:00
db: NVD id: CVE-2012-4605 date: 2012-08-23T10:32:15.093