CVE-2012-4604
Published: Aug 23, 2012
Modified: Sep 16, 2024
PUBLISHED
Description
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
20120430 NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI
mailing-list
x_refsource_BUGTRAQ