Описание
Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof user interface and read or write arbitrary files.
Below is a complete list of vulnerabilities
- Multiple XSS vulnerabilities can be exploited remotely via parameters manipulation, a specially designed request and an unknown vectors related to DSS Mobile or DLP report;
- Lack of access restrictions can be exploited remotely via direct request;
- An unknown vulnerability can be exploited remotely via parameters manipulation and vectors related to SVM, brute force and Autocomplete;
- Improper credentials storage can be exploited remotely via a specially designed path and other unknown vendors;
- Multiple CSRF vulnerabilities can be exploited remotely via an unknown vectors.
Первичный источник обнаружения
Эксплуатация
The following public exploits exists for this vulnerability:
https://www.exploit-db.com/exploits/36423
Связанные продукты
- Web-Security-Gateway-Anywhere
- Web-Security-Gateway
- Web-Security-and-Filter
- TRITON-AP-DATA
- TRITON-AP-EMAIL
- TRITON-V-Series
- TRITON-AP-WEB
Список CVE
- CVE-2015-2747 warning
- CVE-2015-2746 high
- CVE-2014-9711 warning
- CVE-2015-2748 critical
- CVE-2015-2703 warning
- CVE-2015-2702 warning
- CVE-2015-2761 warning
- CVE-2015-2762 critical
- CVE-2014-9712 warning
- CVE-2015-2763 critical
- CVE-2015-2764 warning
- CVE-2015-2773 critical
- CVE-2015-2767 critical
- CVE-2015-2768 warning
- CVE-2015-2765 warning
- CVE-2015-2766 critical
- CVE-2015-2771 critical
- CVE-2015-2772 critical
- CVE-2015-2769 high
- CVE-2015-2770 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!