CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

AI Score confidence: Low

EPSS percentile: 75.1%

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
Vendor | Product | Version | CPE |
---|---|---|---|
websense | websense_web_security | * | cpe:2.3:a:websense:websense_web_security:*:*:*:*:*:*:*:* |
websense | websense_web_security | 6.3.0 | cpe:2.3:a:websense:websense_web_security:6.3.0:*:*:*:*:*:*:* |
websense | websense_web_security | 6.3.1 | cpe:2.3:a:websense:websense_web_security:6.3.1:*:*:*:*:*:*:* |
websense | websense_web_security | 6.3.2 | cpe:2.3:a:websense:websense_web_security:6.3.2:*:*:*:*:*:*:* |
websense | websense_web_security | 6.3.3 | cpe:2.3:a:websense:websense_web_security:6.3.3:*:*:*:*:*:*:* |
websense | websense_web_security | 7.0 | cpe:2.3:a:websense:websense_web_security:7.0:*:*:*:*:*:*:* |
websense | websense_web_security | 7.1 | cpe:2.3:a:websense:websense_web_security:7.1:*:*:*:*:*:*:* |
websense | websense_web_security | 7.1.1 | cpe:2.3:a:websense:websense_web_security:7.1.1:*:*:*:*:*:*:* |
websense | websense_web_security | 7.5 | cpe:2.3:a:websense:websense_web_security:7.5:*:*:*:*:*:*:* |
websense | websense_web_security | 7.5.1 | cpe:2.3:a:websense:websense_web_security:7.5.1:*:*:*:*:*:*:* |