Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-0347

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

Published

2014-04-12T04:37:31.377

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.5 (LOW)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

2.9

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	websense	triton_unified_security_center	7.7.3	Yes
Application	websense	triton_web_filter	7.7.3	Yes
Application	websense	triton_web_security	7.7.3	Yes
Application	websense	triton_web_security_gateway	7.7.3	Yes
Application	websense	triton_web_security_gateway_anywhere	7.7.3	Yes

References

http://www.kb.cert.org/vuls/id/568252 US Government Resource ([email protected])
https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0 ([email protected])
http://www.kb.cert.org/vuls/id/568252 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894&prodidx=20&osidx=0&intidx=0&versionidx=0 (af854a3a-2127-422b-91ae-364da2661108)