History: Mar 25, 2015 - 12:00 a.m.

KLA10506 Multiple vulnerabilities in Websense products

2015-03-25 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE

AI Score: 7.4 High (Confidence: High)

EPSS: 0.054 Low (Percentile: 93.2%)

Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof the user interface, and read or write arbitrary files.

Below is a complete list of vulnerabilities:

  1. Multiple XSS vulnerabilities can be exploited remotely via parameter manipulation, a specially designed request, and unknown vectors related to DSS Mobile or DLP reports;
  2. Lack of access restrictions can be exploited remotely via a direct request;
  3. An unknown vulnerability can be exploited remotely via parameter manipulation and vectors related to SVM, brute force, and Autocomplete;
  4. Improper credential storage can be exploited remotely via a specially designed path and other unknown vectors;
  5. Multiple CSRF vulnerabilities can be exploited remotely via unknown vectors.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

Web-Security-Gateway-Anywhere

Web-Security-Gateway

Web-Security-and-Filter

TRITON-AP-DATA

TRITON-AP-EMAIL

TRITON-V-Series

TRITON-AP-WEB

CVE list

CVE-2015-2747 warning

CVE-2015-2746 high

CVE-2014-9711 warning

CVE-2015-2748 critical

CVE-2015-2703 warning

CVE-2015-2702 warning

CVE-2015-2761 warning

CVE-2015-2762 critical

CVE-2014-9712 warning

CVE-2015-2763 critical

CVE-2015-2764 warning

CVE-2015-2773 critical

CVE-2015-2767 critical

CVE-2015-2768 warning

CVE-2015-2765 warning

CVE-2015-2766 critical

CVE-2015-2771 critical

CVE-2015-2772 critical

CVE-2015-2769 high

CVE-2015-2770 high

Solution

Update to the latest version

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to an attacker executing arbitrary code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to an attacker capturing information that is critical to the user or the system.

  • CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in the target code.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by the current security settings.

  • WLF

Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into files that should be inaccessible. Which files can be written depends on the specific program error.

  • RLF

Read Local Files. Exploitation of vulnerabilities with this impact can lead to reading files that should be inaccessible. Which files can be read depends on the specific program error.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in the user interface that mislead the user into unintended actions.

Affected Products

  • Websense TRITON AP-WEB versions earlier than 8.0.0
  • Websense TRITON V-Series versions earlier than 8.0.0
  • Websense TRITON AP-EMAIL versions earlier than 8.0.0
  • Websense Web Security and Filter 7.8.3 versions earlier than hotfix 02
  • Websense Web Security and Filter 7.8.4 versions earlier than hotfix 01
  • Websense Web Security Gateway 7.8.3 versions earlier than hotfix 02
  • Websense Web Security Gateway 7.8.4 versions earlier than hotfix 01
  • Websense Web Security Gateway Anywhere 7.8.3 versions earlier than hotfix 02
  • Websense Web Security Gateway Anywhere 7.8.4 versions earlier than hotfix 01
  • Websense TRITON AP-DATA versions earlier than 8.0.0
