McAfee Email and Web Security Appliance and Email Gateway Multiple Vulnerabilities
McAfee Email and Web Security Appliance and Email Gateway are prone to a cross-site scripting vulnerability, multiple information-disclosure vulnerabilities, a directory-traversal vulnerability, a security-bypass vulnerability, and an insecure-encryption vulnerability.
A remote attacker could leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Exploiting the information-disclosure issues allow the attacker to view local files within the context of the Web server process.
Exploiting the security-bypass vulnerability allows attackers to bypass security restrictions and obtain sensitive information or perform unauthorized actions.
Exploiting the directory-traversal issue allows attackers to use directory-traversal strings to retrieve arbitrary files in the context of the affected application.
Exploiting the insecure-encryption issue allows attackers to determine encryption keys, which may lead to further attacks.