CVE-2010-2116 Information

Description

The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users with only Read privileges to gain Write privileges to modify configuration via the save action in a direct request to admin/systemWebAdminConfig.do.

Reference

http://osvdb.org/64832 http://secunia.com/advisories/39881 http://www.cybsec.com/vuln/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken.pdf http://www.securitytracker.com/id?1024018 http://www.vupen.com/english/advisories/2010/1239