CVE-2014-0347 - The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.

CVE-2014-0347

Summary

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

References

Vulnerable Configurations

cpe:2.3:a:websense:triton_unified_security_center:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_unified_security_center:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_filter:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_filter:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security_gateway:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security_gateway:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security_gateway_anywhere:7.7.3:*:*:*:*:*:*:*
cpe:2.3:a:websense:triton_web_security_gateway_anywhere:7.7.3:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 14-04-2014 - 17:39)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:N/A:N

refmap via4

cert-vn	VU#568252
confirm	https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0

Last major update

14-04-2014 - 17:39

Published

12-04-2014 - 04:37

Last modified

14-04-2014 - 17:39