exploitDog

CVE-2014-0347

Опубликовано: 12 апр. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:websense:triton_unified_security_center:7.7.3:*:*:*:*:*:*:*

cpe:2.3:a:websense:triton_web_filter:7.7.3:*:*:*:*:*:*:*

cpe:2.3:a:websense:triton_web_security:7.7.3:*:*:*:*:*:*:*

cpe:2.3:a:websense:triton_web_security_gateway:7.7.3:*:*:*:*:*:*:*

cpe:2.3:a:websense:triton_web_security_gateway_anywhere:7.7.3:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00211

Низкий

3.5 Low

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-xmr6-rg25-v9gg

github

больше 3 лет назад

The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotfix 31 allows remote authenticated users to read cleartext passwords by replacing type="password" with type="text" in an INPUT element in the (1) Log Database or (2) User Directories component.

EPSS

Процентиль: 44%

0.00211

Низкий

3.5 Low

CVSS2

Дефекты

CWE-255