Description
Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof user interface and read or write arbitrary files.
Below is a complete list of vulnerabilities
- Multiple XSS vulnerabilities can be exploited remotely via parameters manipulation, a specially designed request and an unknown vectors related to DSS Mobile or DLP report;
- Lack of access restrictions can be exploited remotely via direct request;
- An unknown vulnerability can be exploited remotely via parameters manipulation and vectors related to SVM, brute force and Autocomplete;
- Improper credentials storage can be exploited remotely via a specially designed path and other unknown vendors;
- Multiple CSRF vulnerabilities can be exploited remotely via an unknown vectors.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Related products
- Web-Security-Gateway-Anywhere
- Web-Security-Gateway
- Web-Security-and-Filter
- TRITON-AP-DATA
- TRITON-AP-EMAIL
- TRITON-V-Series
- TRITON-AP-WEB
CVE list
- CVE-2015-2747 warning
- CVE-2015-2746 high
- CVE-2014-9711 warning
- CVE-2015-2748 warning
- CVE-2015-2703 warning
- CVE-2015-2702 warning
- CVE-2015-2761 warning
- CVE-2015-2762 warning
- CVE-2014-9712 warning
- CVE-2015-2763 critical
- CVE-2015-2764 warning
- CVE-2015-2773 warning
- CVE-2015-2767 critical
- CVE-2015-2768 warning
- CVE-2015-2765 warning
- CVE-2015-2766 warning
- CVE-2015-2771 warning
- CVE-2015-2772 high
- CVE-2015-2769 high
- CVE-2015-2770 high
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!