CVE-2012-4604

Websense Web Security <7.6.24 - Auth Bypass

Title source: llm

Description

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe.

Scores

EPSS 0.0018
EPSS Percentile 38.9%

Classification

CWE CWE-287
Status draft

Affected Products (10)

websense/websense_web_security < 7.6
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security
websense/websense_web_security

Timeline

Published Aug 23, 2012
Tracked Since Feb 18, 2026