Описание
Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof user interface and read or write arbitrary files.
Below is a complete list of vulnerabilities
- Multiple XSS vulnerabilities can be exploited remotely via parameters manipulation, a specially designed request and an unknown vectors related to DSS Mobile or DLP report;
- Lack of access restrictions can be exploited remotely via direct request;
- An unknown vulnerability can be exploited remotely via parameters manipulation and vectors related to SVM, brute force and Autocomplete;
- Improper credentials storage can be exploited remotely via a specially designed path and other unknown vendors;
- Multiple CSRF vulnerabilities can be exploited remotely via an unknown vectors.
Первичный источник обнаружения
Эксплуатация
Public exploits exist for this vulnerability.
Связанные продукты
- Web-Security-Gateway-Anywhere
- Web-Security-Gateway
- Web-Security-and-Filter
- TRITON-AP-DATA
- TRITON-AP-EMAIL
- TRITON-V-Series
- TRITON-AP-WEB
Список CVE
- CVE-2015-2747 warning
- CVE-2015-2746 high
- CVE-2014-9711 warning
- CVE-2015-2748 warning
- CVE-2015-2703 warning
- CVE-2015-2702 warning
- CVE-2015-2761 warning
- CVE-2015-2762 warning
- CVE-2014-9712 warning
- CVE-2015-2763 critical
- CVE-2015-2764 warning
- CVE-2015-2773 warning
- CVE-2015-2767 critical
- CVE-2015-2768 warning
- CVE-2015-2765 warning
- CVE-2015-2766 warning
- CVE-2015-2771 warning
- CVE-2015-2772 high
- CVE-2015-2769 high
- CVE-2015-2770 high
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!