PT-2014-3577 · Websense · Websense Web Security+4
Published: 2014-04-12 · Updated: 2014-04-14
CVE-2014-0347
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Websense Triton Unified Security Center versions 7.7.3 before Hotfix 31
Websense Web Filter versions 7.7.3 before Hotfix 31
Websense Web Security versions 7.7.3 before Hotfix 31
Websense Web Security Gateway versions 7.7.3 before Hotfix 31
Websense Web Security Gateway Anywhere versions 7.7.3 before Hotfix 31
Description
The issue allows remote authenticated users to read cleartext passwords by modifying an INPUT element in the Log Database or User Directories component. This is done by replacing type="password" with type="text".
Recommendations
For Websense Triton Unified Security Center version 7.7.3, apply Hotfix 31.
For Websense Web Filter version 7.7.3, apply Hotfix 31.
For Websense Web Security version 7.7.3, apply Hotfix 31.
For Websense Web Security Gateway version 7.7.3, apply Hotfix 31.
For Websense Web Security Gateway Anywhere version 7.7.3, apply Hotfix 31.
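An added example, not part of the original advisory or of any Websense code: the type swap in the Description only reveals a password if the server has already sent it to the browser in the field's value attribute, so a defender can audit rendered settings pages for password inputs that arrive pre-filled. The field names and sample markup are constructed, and treating an all-asterisk or all-bullet value as a harmless placeholder mask is an assumption.

```python
from html.parser import HTMLParser

MASK_CHARS = set("*\u2022")  # assumption: a value made only of these is a fixed mask


class PasswordFieldAudit(HTMLParser):
    """Collect password inputs whose value attribute carries real data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "password":
            return
        value = a.get("value", "")
        if value and not set(value) <= MASK_CHARS:
            name = a.get("name") or a.get("id") or "<unnamed>"
            # Report the field and the length only, never the secret itself.
            self.findings.append((name, len(value)))


def prefilled_password_fields(html):
    """Return (field name, value length) for each pre-filled password input."""
    audit = PasswordFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.findings


# Constructed sample of a rendered settings form (hypothetical field names).
SAMPLE_PAGE = """
<form action="/settings/save" method="post">
  <input type="text" name="db_user" value="sa">
  <input type="PASSWORD" name="db_password" value="Example-Secret-1">
  <input type="password" name="dir_bind_password" value="">
  <input type="password" name="proxy_password" value="********"/>
  <input type="password" name="new_password">
</form>
"""

if __name__ == "__main__":
    for field, length in prefilled_password_fields(SAMPLE_PAGE):
        print(f"pre-filled password field: {field} ({length} chars in markup)")
```

A page that passes this check leaves the stored secret on the server; the form then treats an empty password field as "unchanged" instead of echoing the current value back.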
Affected Products
Websense Triton Unified Security Center
Websense Web Filter
Websense Web Security
Websense Web Security Gateway
Websense Web Security Gateway Anywhere