The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of AP-DATA

computer vulnerability note CVE-2014-3566 CVE-2015-2747 CVE-2015-2764

Websense TRITON AP-DATA: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Websense TRITON AP-DATA.
Impacted products: TRITON AP-DATA.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 19/03/2015.
Identifiers: CVE-2014-3566, CVE-2015-2747, CVE-2015-2764, DSS-7910, DSS-8368, DSS-8369, EI-2301, EI-2970, EIP-223, VIGILANCE-VUL-16419, WCG-2301, WCG-2347, WSE 4544, WSE-4723.

Description of the vulnerability

Several vulnerabilities were announced in Websense TRITON AP-DATA.

An attacker can use a Microsoft Windows Unquoted Service Path, in order to obtain sensitive information. [severity:2/4; EIP-223]

An attacker can trigger a Cross Site Scripting in DSS Mobile Report Catalog, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-2764, DSS-8369]

An attacker can trigger a Cross Site Scripting in DSS UI - DSS DLP Report Catalog, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-2747, CVE-2015-2764, DSS-8368]

An attacker, located as a Man-in-the-Middle, can decrypt a SSL 3.0 session, in order to obtain sensitive information (VIGILANCE-VUL-15485). [severity:2/4; CVE-2014-3566, DSS-7910, EI-2301, EI-2970, WCG-2301, WCG-2347, WSE 4544, WSE-4723]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.