ID

VAR-201405-0018


CVE

CVE-2012-6452


TITLE

User enumeration vulnerability in Axway Secure Messenger as used in Axway Email Firewall

Trust: 0.8

sources: JVNDB: JVNDB-2012-006221

DESCRIPTION

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. Axway Secure Messenger is prone to an information-disclosure vulnerability. Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks. Axway Secure Messenger 6.5 is vulnerable; other versions may also be affected.

Axway Secure Messenger is a suite of email encryption software from Axway, France. The software supports encrypting and authenticating emails, automating tracking of message delivery, and more.

Specifically, two (2) JSESSIONIDs are returned for valid users, and one (1) for invalid users.

Solution: Upgrade to Secure Messenger version 6.5 Updated Release 7, or migrate to Axway MailGate 5.2.0 (or later) for the equivalent functionality.

Contact: support.axway.com

Trust: 2.07

sources: NVD: CVE-2012-6452 // JVNDB: JVNDB-2012-006221 // BID: 57457 // VULHUB: VHN-59733 // PACKETSTORM: 119650

AFFECTED PRODUCTS

vendor: axway, model: secure messenger, scope: eq, version: 6.3.2

Trust: 1.6

vendor: axway, model: email firewall, scope: eq, version: -

Trust: 1.6

vendor: axway, model: secure messenger, scope: lte, version: 6.5.0

Trust: 1.0

vendor: axway, model: email firewall, scope: -, version: -

Trust: 0.8

vendor: axway, model: secure messenger, scope: lt, version: 6.5 updated release 7

Trust: 0.8

vendor: axway, model: secure messenger, scope: eq, version: 6.5.0

Trust: 0.6

vendor: axway, model: secure messenger, scope: eq, version: 6.5

Trust: 0.3

vendor: axway, model: secure messenger updated releas, scope: ne, version: 6.5.0

Trust: 0.3

sources: BID: 57457 // JVNDB: JVNDB-2012-006221 // CNNVD: CNNVD-201301-430 // NVD: CVE-2012-6452

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-6452
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6452
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-430
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59733
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-6452
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59733 // JVNDB: JVNDB-2012-006221 // CNNVD: CNNVD-201301-430 // NVD: CVE-2012-6452

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-59733 // JVNDB: JVNDB-2012-006221 // NVD: CVE-2012-6452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-430

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201301-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006221

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-59733

PATCH

title: Axway Secure Messenger, url: http://www.axway.com/products-solutions/email-identity-security/email-encryption/secure-messenger

Trust: 0.8

sources: JVNDB: JVNDB-2012-006221

EXTERNAL IDS

db: NVD, id: CVE-2012-6452

Trust: 2.9

db: BID, id: 57457

Trust: 2.0

db: XF, id: 81388

Trust: 1.4

db: JVNDB, id: JVNDB-2012-006221

Trust: 0.8

db: CNNVD, id: CNNVD-201301-430

Trust: 0.7

db: BUGTRAQ, id: 20130117 CVE-2012-6452 AXWAY SECURE MESSENGER USERNAME DISCLOSURE

Trust: 0.6

db: PACKETSTORM, id: 119650

Trust: 0.2

db: VULHUB, id: VHN-59733

Trust: 0.1

sources: VULHUB: VHN-59733 // BID: 57457 // JVNDB: JVNDB-2012-006221 // PACKETSTORM: 119650 // CNNVD: CNNVD-201301-430 // NVD: CVE-2012-6452

REFERENCES

url:http://www.securityfocus.com/bid/57457

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/81388

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/81388

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6452

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6452

Trust: 0.8

url:http://www.axway.com/products-solutions/email-identity-security/email-encryption/secure-messenger

Trust: 0.3

url:/archive/1/525346

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-6452

Trust: 0.1

sources: VULHUB: VHN-59733 // BID: 57457 // JVNDB: JVNDB-2012-006221 // PACKETSTORM: 119650 // CNNVD: CNNVD-201301-430 // NVD: CVE-2012-6452

CREDITS

Jason Doyle of FishNet Security

Trust: 0.9

sources: BID: 57457 // CNNVD: CNNVD-201301-430

SOURCES

db: VULHUB, id: VHN-59733
db: BID, id: 57457
db: JVNDB, id: JVNDB-2012-006221
db: PACKETSTORM, id: 119650
db: CNNVD, id: CNNVD-201301-430
db: NVD, id: CVE-2012-6452

LAST UPDATE DATE

2025-04-13T23:41:29.119000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-59733, date: 2017-08-29T00:00:00
db: BID, id: 57457, date: 2013-01-17T00:00:00
db: JVNDB, id: JVNDB-2012-006221, date: 2014-05-29T00:00:00
db: CNNVD, id: CNNVD-201301-430, date: 2014-05-29T00:00:00
db: NVD, id: CVE-2012-6452, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-59733, date: 2014-05-27T00:00:00
db: BID, id: 57457, date: 2013-01-17T00:00:00
db: JVNDB, id: JVNDB-2012-006221, date: 2014-05-29T00:00:00
db: PACKETSTORM, id: 119650, date: 2013-01-18T17:22:22
db: CNNVD, id: CNNVD-201301-430, date: 2013-01-23T00:00:00
db: NVD, id: CVE-2012-6452, date: 2014-05-27T14:55:03.323