Websense V-Series Appliances vulnerabilities
11 known vulnerabilities affecting websense/v-series_appliances.
Total CVEs
11
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM10
Vulnerabilities
Page 1 of 1
CVE-2015-2746P3MEDIUMCVSS 6.5PoC≤ 7.72015-03-26
CVE-2015-2746 [MEDIUM] CWE-77 CVE-2015-2746: The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the
nvd
CVE-2015-2772P3HIGHCVSS 7.5≤ 7.72015-03-27
CVE-2015-2772 [HIGH] CVE-2015-2772: SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files v
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors.
nvd
CVE-2015-2770P4MEDIUMCVSS 6.8≤ 7.72015-03-27
CVE-2015-2770 [MEDIUM] CWE-352 CVE-2015-2770: Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series
Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
nvd
CVE-2015-2773P4MEDIUMCVSS 5.0≤ 7.72015-03-27
CVE-2015-2773 [MEDIUM] CVE-2015-2773: SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via
SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors.
nvd
CVE-2015-2748P4MEDIUMCVSS 5.0≤ 7.72015-03-26
CVE-2015-2748 [MEDIUM] CWE-200 CVE-2015-2748: Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, whi
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.
nvd
CVE-2015-2771P4MEDIUMCVSS 5.0≤ 7.72015-03-27
CVE-2015-2771 [MEDIUM] CWE-200 CVE-2015-2771: The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext cred
The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2014-9712P4MEDIUMCVSS 4.0≤ 7.72015-03-27
CVE-2014-9712 [MEDIUM] CWE-200 CVE-2014-9712: Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote a
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
nvd
CVE-2015-2703P4MEDIUMCVSS 4.3v7.72015-03-25
CVE-2015-2703 [MEDIUM] CWE-79 CVE-2015-2703: Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Ser
Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-WEB before 8.0.0 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via the (1) ws-userip in the ws-encdata parameter to cve-bin/moreBlockInfo.cgi in the Data Security block page or (2) admin_msg parameter to configure/ssl_ui/eva-config/clie
nvd
CVE-2015-2747P4MEDIUMCVSS 4.3v7.72015-03-26
CVE-2015-2747 [MEDIUM] CWE-79 CVE-2015-2747: Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Foren
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.
nvd
CVE-2015-2702P4MEDIUMCVSS 4.3v7.72015-03-25
CVE-2015-2702 [MEDIUM] CWE-79 CVE-2015-2702: Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websens
Cross-site scripting (XSS) vulnerability in the Message Log in the Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via the sender address in an email.
nvd
CVE-2015-2768P4MEDIUMCVSS 4.3v7.72015-03-27
CVE-2015-2768 [MEDIUM] CWE-79 CVE-2015-2768: Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 a
Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd