The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of TRITON APX EMAIL


Websense TRITON AP-EMAIL: thirteen vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Websense TRITON AP-EMAIL.
Impacted products: TRITON AP-EMAIL, Websense Email Security.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 13.
Creation date: 19/03/2015.
Identifiers: CVE-2015-2702, CVE-2015-2763, CVE-2015-2765, CVE-2015-2766, CVE-2015-2767, CVE-2015-2768, CVE-2015-2769, CVE-2015-2771, EI-1058, EI-2637, ESG-3696, ESG-3711, ESG-4342, ESG-4343, ESG-4344, ESG-4687, ESG-5336, ESG-5622, ESG-5623, ESG-5658, ESG-5660, ESG-5834, ESG-6005, ESG-6006, VIGILANCE-VUL-16420.

Description of the vulnerability

Several vulnerabilities were announced in Websense TRITON AP-EMAIL.

An attacker can use a weak encryption algorithm on the SSL service. [severity:2/4; ESG-5623]

An unknown vulnerability was announced on port 17703. [severity:2/4; CVE-2015-2763, ESG-4687]

An attacker can use Clickjacking in order to escalate their privileges. [severity:2/4; ESG-4344]

An unknown vulnerability was announced in Autocomplete. [severity:1/4; CVE-2015-2767, ESG-4343]

An attacker can trigger a Cross-Site Scripting in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-2702, ESG-6006]

A brute-force attack can be used with PEM. [severity:2/4; CVE-2015-2766, EI-1058, ESG-3696]

An attacker can use Clickjacking in order to escalate their privileges. [severity:2/4; CVE-2015-2765, EI-2637, ESG-5336]

An attacker can exploit vulnerabilities of OpenSSL versions prior to 1.0.1h. [severity:3/4; ESG-3711]

An attacker can use Clickjacking in order to escalate their privileges. [severity:2/4; EI-2637, ESG-5658, ESG-5660]

An attacker can capture a cleartext authentication. [severity:2/4; CVE-2015-2771, ESG-5622]

An attacker can trigger a Cross-Site Scripting in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2015-2768, ESG-4342]

An attacker can trigger a Cross-Site Request Forgery in PEM in order to force the victim to perform operations. [severity:2/4; CVE-2015-2769, ESG-6005]

An unknown vulnerability was announced in SSLv2. [severity:1/4; ESG-5834]