CVE-2015-2746: The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON
infovulnerability
security
Summary
A command injection vulnerability (CWE-77, a flaw where special characters bypass security checks and let attackers run unauthorized commands) exists in the Websense TRITON Appliance Manager's network diagnostics tool. Remote authenticated users can execute arbitrary commands by inserting shell metacharacters (special symbols like pipes or semicolons) into command parameters, such as the Destination field in the ping command.
Solution / Mitigation
Update to Websense TRITON V-Series appliances version 7.8.4 Hotfix 02 or later.
Vulnerability Details
CVSS Score
6.5
EPSS (30-day exploit probability)
EPSS: 23.9%
Classification
Attack SophisticationModerate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2015-2746
First tracked: February 15, 2026 at 08:45 PM
Classified by LLM (prompt v3) · confidence: 95%