EMC SourceOne Email Management Information Disclosure Vulnerability

Bugtraq ID:	51449
Class:	Design Error
CVE:	CVE-2011-4142
Remote:	Yes
Local:	No
Published:	Jan 17 2012 12:00AM
Updated:	Jan 17 2012 12:00AM
Credit:	EMC
Vulnerable:	EMC SourceOne Email Management for Microsoft Exchange 6.6.0.1209 (HF1) EMC SourceOne Email Management for Microsoft Exchange 6.5.2.3668 (SP2 HF3) EMC SourceOne Email Management 6.7.2.0017 (SP2) EMC SourceOne Email Management 6.6.1.2108 (SP1 HF1) EMC SourceOne Email Management 6.6 SP1
Not Vulnerable:	EMC SourceOne Email Management 6.7.2.2033 EMC SourceOne Email Management 6.6.1.2194 EMC SourceOne Email Management 6.5.2.4033

EMC SourceOne Email Management Information Disclosure Vulnerability

EMC SourceOne Email Management is prone to an information disclosure vulnerability.

An unprivileged attacker can exploit this issue to gain access to sensitive information that may aid in further attacks.

The following EMC SourceOne Email Management versions are vulnerable:

6.5 (6.5.2.3668) (SP2 HF3) and prior versions
6.6 (6.6.1.2108) (SP1 HF1) and prior versions
6.7 (6.7.2.0017) (SP2) and prior version

EMC SourceOne Email Management Information Disclosure Vulnerability

An attacker can use readily available tools to exploit this issue.

EMC SourceOne Email Management Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references for more information.

EMC SourceOne Email Management Information Disclosure Vulnerability

References:

• EMC SourceOne Email Management Product Page (EMC)
  
• ESA-2012-003: EMC SourceOne Web Search Sensitive Information ([email protected])