The TRITON management console in Websense Web Security prior to 7.6 Hotfix 24 allows remote malicious users to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
Vulnerable Product |
---|
websense websense web security 7.5 |
websense websense web security 7.1 |
websense websense web security |
websense websense web security 6.3.3 |
websense websense web security 6.3.2 |
websense websense web security 6.3.1 |
websense websense web security 6.3.0 |
websense websense web security 7.5.1 |
websense websense web security 7.1.1 |
websense websense web security 7.0 |