Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Websense Web Security Hotfix 授权问题漏洞
Vulnerability Description
Websense Email Security是综合的邮件安全软件,对邮件和Web 2.0的混合威胁提供防护。 Websense Web Security 7.6之前版本Hotfix 24中的TRITON管理控制台中存在漏洞。远程攻击者可利用该漏洞通过在cookie中特殊的uid字段结合特殊的userRoles字段绕过认证并读取任意报告,如传递到explorer_wse/favorites.exe中的请求。
CVSS Information
N/A
Vulnerability Type
N/A