Websense Products Multiple Vulnerabilities

Last Update Date: 28 Dec 2011 15:18
Release Date: 28 Dec 2011

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities have been identified in Websense products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a vulnerable system.

  1. An unspecified error within the report management web interface can be exploited to bypass the authentication mechanism.
  2. Certain input passed to the report management web interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
  3. An unspecified error can be exploited to execute arbitrary code.
  4. Certain unspecified input is not properly sanitised in the report management web interface before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed.

Impact

  • Cross-Site Scripting
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

  • Websense Web Filter 7.x
  • Websense Web Security 7.x
  • Websense Web Security Gateway 7.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Apply Hotfix 12 for version 7.6.2 or Hotfix 24 for version 7.6.0.

Vulnerability Identifier

  • No CVE information is available
