CVE-2012-4589
First published: Wed Aug 22 2012(Updated: )
Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| McAfee Enterprise Mobility Manager | <=9.6 | |
| McAfee Enterprise Mobility Manager | =4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4589?
CVE-2012-4589 has a medium severity rating due to its potential for exploitation through unattended workstations.
How do I fix CVE-2012-4589?
To mitigate CVE-2012-4589, upgrade to McAfee Enterprise Mobility Manager version 10.0 or later, which includes the fix.
What does CVE-2012-4589 affect?
CVE-2012-4589 affects McAfee Enterprise Mobility Manager versions prior to 10.0, specifically concerning the login form's lack of an auto-complete attribute.
What could an attacker do with CVE-2012-4589?
An attacker could potentially exploit CVE-2012-4589 to gain unauthorized access by leveraging an unattended workstation.
Is there a workaround for CVE-2012-4589 if I cannot upgrade?
There are no definitive workarounds for CVE-2012-4589, so upgrading to a secure version is strongly recommended.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/mcafee
- canonical/mcafee enterprise mobility manager
- version/mcafee enterprise mobility manager/9.6
- version/mcafee enterprise mobility manager/4.7