Vulnerability Details CVE-2012-4604
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2012-4604
-
cpe:2.3:a:websense:websense_web_security:6.3.0
-
cpe:2.3:a:websense:websense_web_security:6.3.1
-
cpe:2.3:a:websense:websense_web_security:6.3.2
-
cpe:2.3:a:websense:websense_web_security:6.3.3
-
cpe:2.3:a:websense:websense_web_security:7.0
-
cpe:2.3:a:websense:websense_web_security:7.1
-
cpe:2.3:a:websense:websense_web_security:7.1.1
-
cpe:2.3:a:websense:websense_web_security:7.5
-
cpe:2.3:a:websense:websense_web_security:7.5.1