CVE-2012-4604 Information

Description

The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field in conjunction with a crafted userRoles field in a cookie as demonstrated by a request to explorer_wse/favorites.exe.

Reference

http://www.securityfocus.com/archive/1/522530