Over the last couple of days we published 22 security advisories for various products from Websense, EMC, and Citrix. The vulnerabilities include information disclosure, Cross-Site Scripting, path traversal, and command injection. Combining these issues can result in a full compromise of the applications, and in some cases it was even possible to obtain Windows Domain Administrator privileges. These advisories can be found in our security advisories section.
There are still unfixed vulnerabilities in these products. The number of undisclosed issues:
- Websense: 5 issues;
- EMC: 7 issues;
- Citrix: 5 issues.
The total number of findings is concerning, especially given that these are security products or are used to enforce security policies. We would expect these products to be built with a strong focus on security; this is clearly not the case. We as an industry still have a long way to go.