Sign-up

ID

VAR-201502-0096


CVE

CVE-2015-1619


TITLE

McAfee Email Gateway of Secure Web Mail Client Cross-site scripting vulnerability in user interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-001543

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages. McAfee Email Gateway is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The solution offers incoming threat protection, outgoing encryption, data loss prevention, and more. The following versions are affected: MEG 7.6.x prior to 7.6.3.2, 7.5.x prior to 75.6, 7.0.x through 7.0.5, 5.6 and prior

Trust: 1.98

sources: NVD: CVE-2015-1619 // JVNDB: JVNDB-2015-001543 // BID: 73420 // VULHUB: VHN-79580

AFFECTED PRODUCTS

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3

Trust: 1.9

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.1

Trust: 1.9

vendor:mcafeemodel:email gatewayscope:eqversion:7.6

Trust: 1.9

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.2

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.1

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.3

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.4

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.5

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.2

Trust: 1.6

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.4

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.2

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.5

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.3

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.1

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:eqversion:7.0

Trust: 1.3

vendor:mcafeemodel:email gatewayscope:lteversion:5.6

Trust: 1.0

vendor:mcafeemodel:email gatewayscope:ltversion:7.5.x

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:eqversion:7.6.3.2

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:eqversion:7.0.5 for up to 7.0.x

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:ltversion:7.6.x

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:lteversion:5.6 and earlier

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:eqversion:7.5.6

Trust: 0.8

vendor:mcafeemodel:email gatewayscope:eqversion:5.6.0

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.6.3.2

Trust: 0.3

vendor:mcafeemodel:email gatewayscope:neversion:7.5.6

Trust: 0.3

vendor:mcafeemodel:email gateway 7.0.5h1021346scope:neversion: -

Trust: 0.3

vendor:mcafeemodel:email gateway 5.6h1021351scope:neversion: -

Trust: 0.3

sources: BID: 73420 // JVNDB: JVNDB-2015-001543 // CNNVD: CNNVD-201502-331 // NVD: CVE-2015-1619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1619
value: LOW

Trust: 1.0

NVD: CVE-2015-1619
value: LOW

Trust: 0.8

CNNVD: CNNVD-201502-331
value: LOW

Trust: 0.6

VULHUB: VHN-79580
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2015-1619
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79580
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-79580 // JVNDB: JVNDB-2015-001543 // CNNVD: CNNVD-201502-331 // NVD: CVE-2015-1619

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-79580 // JVNDB: JVNDB-2015-001543 // NVD: CVE-2015-1619

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-331

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201502-331

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-001543

PATCH
title:SB10099url:https://kc.mcafee.com/corporate/index?page=content&id=SB10099
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-001543

EXTERNAL IDS
db:NVDid:CVE-2015-1619
Trust: 2.8
db:MCAFEEid:SB10099
Trust: 2.0
db:JVNDBid:JVNDB-2015-001543
Trust: 0.8
db:CNNVDid:CNNVD-201502-331
Trust: 0.7
db:BIDid:73420
Trust: 0.4
db:VULHUBid:VHN-79580
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79580 // 
            
            
            
            BID: 73420 // 
            
            
            
            JVNDB: JVNDB-2015-001543 // 
            
            
            
            CNNVD: CNNVD-201502-331 // 
            
            
            
            NVD: CVE-2015-1619

REFERENCES
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10099
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1619
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1619
Trust: 0.8
url:http://www.mcafee.com/
Trust: 0.3
url:https://kc.mcafee.com/corporate/index?page=content&id=sb10099
Trust: 0.1
sources:
            
            
            VULHUB: VHN-79580 // 
            
            
            
            BID: 73420 // 
            
            
            
            JVNDB: JVNDB-2015-001543 // 
            
            
            
            CNNVD: CNNVD-201502-331 // 
            
            
            
            NVD: CVE-2015-1619

CREDITS
François Goichon from Context Information Security.
Trust: 0.3
sources:
            
            
            BID: 73420

SOURCES
db:VULHUBid:VHN-79580
db:BIDid:73420
db:JVNDBid:JVNDB-2015-001543
db:CNNVDid:CNNVD-201502-331
db:NVDid:CVE-2015-1619

LAST UPDATE DATE
2025-04-13T23:04:36.433000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-79580date:2015-02-18T00:00:00
db:BIDid:73420date:2015-01-20T00:00:00
db:JVNDBid:JVNDB-2015-001543date:2015-02-23T00:00:00
db:CNNVDid:CNNVD-201502-331date:2015-02-25T00:00:00
db:NVDid:CVE-2015-1619date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-79580date:2015-02-17T00:00:00
db:BIDid:73420date:2015-01-20T00:00:00
db:JVNDBid:JVNDB-2015-001543date:2015-02-23T00:00:00
db:CNNVDid:CNNVD-201502-331date:2015-02-25T00:00:00
db:NVDid:CVE-2015-1619date:2015-02-17T15:59:10.107