CVE-2015-6843

Published: Oct 18, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach.

Affected (1)

Products: Emc: Sourceone Email Supervisor

Emc

1 product

Sourceone Email Supervisor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Emc Sourceone Email Supervisor	Up to 7.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html

Source: security_alert@emc.com

Third Party Advisory

http://seclists.org/bugtraq/2015/Oct/58

Source: security_alert@emc.com

Mailing List

http://www.securitytracker.com/id/1033787

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/bugtraq/2015/Oct/58

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.securitytracker.com/id/1033787

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.