Vigil@nce - Websense TRITON AP-DATA: four vulnerabilities
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in Websense TRITON
AP-DATA.
Impacted products: TRITON AP-DATA
Severity: 2/4
Creation date: 19/03/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Websense TRITON AP-DATA.
An attacker can exploit a Microsoft Windows Unquoted Service Path in
order to obtain sensitive information. [severity:2/4; EIP-223]
An attacker can trigger a Cross Site Scripting in DSS Mobile
Report Catalog, in order to execute JavaScript code in the context
of the web site. [severity:2/4; CVE-2015-2764, DSS-8369]
An attacker can trigger a Cross Site Scripting in DSS UI - DSS DLP
Report Catalog, in order to execute JavaScript code in the context
of the web site. [severity:2/4; CVE-2015-2747, CVE-2015-2764,
DSS-8368]
An attacker positioned as a Man-in-the-Middle can decrypt an SSL 3.0
session in order to obtain sensitive information
(VIGILANCE-VUL-15485). [severity:2/4; CVE-2014-3566, DSS-7910,
EI-2301, EI-2970, WCG-2301, WCG-2347, WSE 4544, WSE-4723]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Websense-TRITON-AP-DATA-four-vulnerabilities-16419