CVE-2013-7104
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
14/12/2013
Last modified:
11/04/2025
Description
McAfee Email Gateway 7.6 allows remote authenticated administrators to execute arbitrary commands by specifying them in the value attribute in a (1) Command or (2) Script XML element. NOTE: this issue can be combined with CVE-2013-7092 to allow remote attackers to execute commands.
Impact
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mcafee:email_gateway:7.6:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/100581
- http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html
- http://seclists.org/fulldisclosure/2013/Dec/18
- http://www.securityfocus.com/bid/64150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90163
- http://osvdb.org/100581
- http://packetstormsecurity.com/files/124277/McAfee-Email-Gateway-7.6-Command-Execution-SQL-Injection.html
- http://seclists.org/fulldisclosure/2013/Dec/18
- http://www.securityfocus.com/bid/64150
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90163