- Websense TRITON V-Series prior to 8.0.0
Multiple vulnerabilities have been discovered in Websense TRITON V-Series that may result in remote code execution. They are as follows:
- Cross-Site Request Forgery (CSRF) in command line page (CVE-2015-2770) - A vulnerability in the command line page in Websense TRITON V-Series that allows remote attackers to hijack the authentication of unspecified victims.
- Mail Server Accepts Plaintext Credentials QualysGuard Potential Vulnerability (CVE-2015-2771) - A vulnerability in which credentials are received in plaintext, which may allow attackers to obtain sensitive information.
- Unspecified Arbitrary File Upload Vulnerability (CVE-2015-2772) - An unspecified file-upload vulnerability that an attacker could leverage to upload arbitrary files to the affected machine, resulting in code execution.
- Unspecified Arbitrary File Read Vulnerability (CVE-2015-2773) - An unspecified arbitrary file read vulnerability that could allow an attacker to read arbitrary files in the context of the user running the application.
We recommend the following actions be taken:
- Apply appropriate patches provided by Websense to vulnerable systems immediately after appropriate testing.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.