VAR-201404-0465
Vulnerability from variot - Updated: 2023-12-18 13:34

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component. This works because the type="password" attribute only masks the value on screen; the password itself is already present in the page delivered to the browser. The TRITON Unified Security Center provided by Websense contains an information disclosure vulnerability (CWE-200: Information Exposure, http://cwe.mitre.org/data/definitions/200.html). A user who has an account on the product may obtain the authentication information of other users. The affected products are all made by the American company Websense. A remote attacker can exploit this vulnerability to read plaintext passwords by replacing type='password' with type='text' in an INPUT element.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0465",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "triton web security gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "7.7.3"
},
{
"model": "triton web security",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "7.7.3"
},
{
"model": "triton web filter",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "7.7.3"
},
{
"model": "triton unified security center",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "7.7.3"
},
{
"model": "triton web security gateway anywhere",
"scope": "eq",
"trust": 1.6,
"vendor": "websense",
"version": "7.7.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "websense",
"version": null
},
{
"model": "triton unified security center",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "7.7.3 hotfix 31 earlier"
},
{
"model": "websense web filter",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "7.7.3 hotfix 31 earlier"
},
{
"model": "websense web security",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "7.7.3 hotfix 31 earlier"
},
{
"model": "websense web security gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "7.7.3 hotfix 31 earlier"
},
{
"model": "websense web security gateway anywhere",
"scope": "lt",
"trust": 0.8,
"vendor": "web sense",
"version": "7.7.3 hotfix 31 earlier"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:websense:triton_web_filter:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:websense:triton_web_security:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:websense:triton_web_security_gateway:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:websense:triton_web_security_gateway_anywhere:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:websense:triton_unified_security_center:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0347"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Patrick Kelley of Critical Assets",
"sources": [
{
"db": "BID",
"id": "66687"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "LOW",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 0.9,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 6.8,
"id": "CVE-2014-0347",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "LOW",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-001919",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-67840",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0347",
"trust": 1.8,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2014-001919",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-167",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-67840",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "VULHUB",
"id": "VHN-67840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type=\"password\" with type=\"text\" in an INPUT element in the (1) Log Database or (2) User Directories component. Websense Provided by TRITON Unified Security Center Contains an information disclosure vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlA user who has some account of the product may obtain the authentication information of other users. are all products of American Websense. A remote attacker can exploit this vulnerability to read plaintext passwords by replacing type=\u0027password\u0027",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "BID",
"id": "66687"
},
{
"db": "VULHUB",
"id": "VHN-67840"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0347",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#568252",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU93154457",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167",
"trust": 0.7
},
{
"db": "BID",
"id": "66687",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-62088",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-67840",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "VULHUB",
"id": "VHN-67840"
},
{
"db": "BID",
"id": "66687"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"id": "VAR-201404-0465",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67840"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:38.895000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Websense V7.7.3 HF31 Manager Password Vulnerability issue (\u8981\u30ed\u30b0\u30a4\u30f3)",
"trust": 0.8,
"url": "https://www.websense.com/content/registration.aspx?task=signin\u0026patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
},
{
"title": "Web Security Gateway Anywhere",
"trust": 0.8,
"url": "http://www.websense.com/content/web-security-gateway-anywhere-features.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67840"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026prodidx=20\u0026osidx=0\u0026intidx=0\u0026versionidx=0"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/568252"
},
{
"trust": 0.8,
"url": "https://www.websense.com/content/web-security-gateway-anywhere-features.aspx"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0347"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93154457/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0347"
},
{
"trust": 0.3,
"url": "http://www.websense.com"
},
{
"trust": 0.1,
"url": "https://www.websense.com/content/mywebsense-hotfixes.aspx?patchid=894\u0026amp;prodidx=20\u0026amp;osidx=0\u0026amp;intidx=0\u0026amp;versionidx=0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "VULHUB",
"id": "VHN-67840"
},
{
"db": "BID",
"id": "66687"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#568252"
},
{
"db": "VULHUB",
"id": "VHN-67840"
},
{
"db": "BID",
"id": "66687"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-07T00:00:00",
"db": "CERT/CC",
"id": "VU#568252"
},
{
"date": "2014-04-12T00:00:00",
"db": "VULHUB",
"id": "VHN-67840"
},
{
"date": "2014-04-07T00:00:00",
"db": "BID",
"id": "66687"
},
{
"date": "2014-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"date": "2014-04-12T04:37:31.377000",
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"date": "2014-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-07T00:00:00",
"db": "CERT/CC",
"id": "VU#568252"
},
{
"date": "2014-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-67840"
},
{
"date": "2014-04-07T00:00:00",
"db": "BID",
"id": "66687"
},
{
"date": "2014-04-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001919"
},
{
"date": "2014-04-14T17:39:34.860000",
"db": "NVD",
"id": "CVE-2014-0347"
},
{
"date": "2014-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Websense Triton Unified Security Center 7.7.3 information disclosure vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#568252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-167"
}
],
"trust": 0.6
}
}