Websense Triton 7.7.3 < 7.7.3 Hotfix 31 Information Disclosure
Low Nessus Plugin ID 73520
SynopsisThe remote web server contains a web application that is affected by an information disclosure vulnerability.
DescriptionThe remote application is running Websense Triton Unified Security Center, a component of the commercial suite of web filtering products.
The remote instance of Websense Triton Unified Security Center fails to sanitize user-supplied input data in the 'Log Database' and 'User Directories' areas of the 'Settings' component. This error could allow an authenticated attacker to obtain credential information belonging to other users and possibly those owning higher privileges.
SolutionThere are no known workarounds or upgrades to correct this issue.
Websense has released the following Hotfixes to address this vulnerability :
- Web Security Gateway Anywhere v7.7.3 Hotfix 31
- Web Security Gateway v7.7.3 Hotfix 31
- Websense Web Security v7.7.3 Hotfix 31
- Websense Web Filter v7.7.3 Hotfix 31