CVE-2012-4604

Published: Aug 23, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.

Affected (10)

Products: Websense: Websense Web Security

Websense

1 product

Websense Web Security

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Websense Websense Web Security	Up to 7.6
Websense Websense Web Security	Version 6.3.0
Websense Websense Web Security	Version 6.3.1
Websense Websense Web Security	Version 6.3.2
Websense Websense Web Security	Version 6.3.3
Websense Websense Web Security	Version 7.0
Websense Websense Web Security	Version 7.1.1
Websense Websense Web Security	Version 7.1
Websense Websense Web Security	Version 7.5.1
Websense Websense Web Security	Version 7.5

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://www.securityfocus.com/archive/1/522530

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/522530

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.