Vulnerability Details : CVE-2012-4605
The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2012-4605
Probability of exploitation activity in the next 30 days: 0.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 %
CVSS scores for CVE-2012-4605
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2012-4605
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4605
- http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments
  KB Article | Forcepoint Support (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78131
  Websense Email Security SMTP information disclosure CVE-2012-4605 Vulnerability Report
- http://www.securityfocus.com/bid/64758
  RETIRED: Oracle January 2014 Critical Patch Update Multiple Vulnerabilities
Products affected by CVE-2012-4605
- cpe:2.3:a:websense:websense_email_security:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:websense:websense_email_security:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:websense:websense_email_security:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:websense:websense_email_security:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:websense:websense_email_security:7.2:*:*:*:*:*:*:*