CVE-2012-6452

Published: May 27, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests.

Affected (3)

Products: Axway: Email Firewall, Secure Messenger

2 products

Secure Messenger

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Axway Email Firewall	All versions
Axway Secure Messenger	Up to 6.5.0
Axway Secure Messenger	Version 6.3.2

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/57457

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/81388

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/57457

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/81388

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.