VYPR
Unrated severityNVD Advisory· Published Aug 23, 2012· Updated Jun 16, 2026

CVE-2012-4604

CVE-2012-4604

Description

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.

Affected products

11
  • cpe:2.3:a:websense:websense_web_security:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:websense:websense_web_security:*:*:*:*:*:*:*:*range: <=7.6
    • cpe:2.3:a:websense:websense_web_security:6.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:6.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:6.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:6.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:7.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:websense:websense_web_security:7.5.1:*:*:*:*:*:*:*
    • (no CPE)range: < 7.6 Hotfix 24

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.