Vulnerabilites related to forcepoint - email_security
CVE-2018-16530 (GCVE-0-2018-16530)
Vulnerability from cvelistv5
Published
2019-04-09 18:47
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Stack-based Buffer Overflow
Summary
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Forcepoint Email Security |
Version: 8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.forcepoint.com/KBArticle?id=000016621"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Email Security",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "8.5"
}
]
}
],
"datePublic": "2019-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T16:10:03",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.forcepoint.com/KBArticle?id=000016621"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2018-16530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.5"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.forcepoint.com/KBArticle?id=000016621",
"refsource": "MISC",
"url": "https://support.forcepoint.com/KBArticle?id=000016621"
},
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2018-16530",
"datePublished": "2019-04-09T18:47:04",
"dateReserved": "2018-09-05T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2166 (GCVE-0-2024-2166)
Vulnerability from cvelistv5
Published
2024-09-04 21:37
Modified
2024-09-05 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Email Security |
Version: 0 < 8.5.5 HF003 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "email_security",
"vendor": "forcepoint",
"versions": [
{
"lessThan": "8.5.5 HF003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T14:21:40.434840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T14:23:10.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Real Time Monitor"
],
"product": "Email Security",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "8.5.5 HF003",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-04T19:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.\u003cp\u003eThis issue affects Email Security: before 8.5.5 HF003.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:37:17.923Z",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"url": "https://support.forcepoint.com/s/article/000042397"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2024-2166",
"datePublished": "2024-09-04T21:37:17.923Z",
"dateReserved": "2024-03-04T15:39:26.796Z",
"dateUpdated": "2024-09-05T14:23:10.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1700 (GCVE-0-2022-1700)
Vulnerability from cvelistv5
Published
2022-09-12 18:07
Modified
2024-08-03 00:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Summary
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Forcepoint | Data Loss Prevention (DLP) |
Version: unspecified < 8.8.2 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Data Loss Prevention (DLP)",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "One Endpoint (F1E) with Policy Engine",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "8.8.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Web Security Content Gateway",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "8.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Email Security with DLP enabled",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "8.5.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Cloud Security Gateway ",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "prior to June 20, 2022"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Forcepoint would like to thank Kaushik Joshi and Keval Shah from iAppSecure Solutions Pvt Ltd. for discovering and working with us to responsibly disclose this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-12T18:07:05",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the following versions:\nForcepoint Data Loss Prevention (DLP) versions 8.8.2 or above.\nForcepoint One Endpoint (F1E) with Policy Engine versions 8.8.2 or above.\nForcepoint Web Security Content Gateway versions 8.5.5 or above.\nForcepoint Email Security with DLP enabled versions 8.5.5 or above."
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"value": "See https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2022-1700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Data Loss Prevention (DLP)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.8.2"
}
]
}
},
{
"product_name": "One Endpoint (F1E) with Policy Engine",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.8.2"
}
]
}
},
{
"product_name": "Web Security Content Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.5.5"
}
]
}
},
{
"product_name": "Email Security with DLP enabled",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.5.5"
}
]
}
},
{
"product_name": "Cloud Security Gateway ",
"version": {
"version_data": [
{
"version_value": "prior to June 20, 2022"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Forcepoint would like to thank Kaushik Joshi and Keval Shah from iAppSecure Solutions Pvt Ltd. for discovering and working with us to responsibly disclose this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the following versions:\nForcepoint Data Loss Prevention (DLP) versions 8.8.2 or above.\nForcepoint One Endpoint (F1E) with Policy Engine versions 8.8.2 or above.\nForcepoint Web Security Content Gateway versions 8.5.5 or above.\nForcepoint Email Security with DLP enabled versions 8.5.5 or above."
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "See https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2022-1700",
"datePublished": "2022-09-12T18:07:05",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6142 (GCVE-0-2019-6142)
Vulnerability from cvelistv5
Published
2019-11-05 20:49
Modified
2024-08-04 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Forcepoint Email Security |
Version: 8.5 Version: 8.5.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Email Security",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "8.5"
},
{
"status": "affected",
"version": "8.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T16:39:32",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2019-6142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.5"
},
{
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2019-6142",
"datePublished": "2019-11-05T20:49:15",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6590 (GCVE-0-2020-6590)
Vulnerability from cvelistv5
Published
2021-04-08 21:32
Modified
2024-08-04 09:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Summary
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Forcepoint Web Security Content Gateway |
Version: versions prior to 8.5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:04.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Web Security Content Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 8.5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:01:24",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2020-6590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Web Security Content Gateway",
"version": {
"version_data": [
{
"version_value": "versions prior to 8.5.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2020-6590",
"datePublished": "2021-04-08T21:32:59",
"dateReserved": "2020-01-08T00:00:00",
"dateUpdated": "2024-08-04T09:11:04.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2080 (GCVE-0-2023-2080)
Vulnerability from cvelistv5
Published
2023-06-15 22:18
Modified
2024-12-11 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Cloud Security Gateway (CSG) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.forcepoint.com/s/article/000041871"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-11T20:33:24.376436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T20:33:35.315Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Portal",
"platforms": [
"Web Cloud Security Gateway",
"Email Security Cloud"
],
"product": "Cloud Security Gateway (CSG) ",
"vendor": "Forcepoint",
"versions": [
{
"status": "unaffected",
"version": "TBD"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."
}
],
"impacts": [
{
"capecId": "CAPEC-7",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-7 Blind SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T22:18:58.058Z",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"url": "https://support.forcepoint.com/s/article/000041871"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2023-2080",
"datePublished": "2023-06-15T22:18:58.058Z",
"dateReserved": "2023-04-14T19:12:38.266Z",
"dateUpdated": "2024-12-11T20:33:35.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16529 (GCVE-0-2018-16529)
Vulnerability from cvelistv5
Published
2019-03-28 16:02
Modified
2024-08-05 10:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Summary
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Forcepoint Email Security |
Version: 8.5.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Email Security",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "8.5.x"
}
]
}
],
"datePublic": "2018-11-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:09:52",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2018-16529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.5.x"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2018/Nov/23",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2018-16529",
"datePublished": "2019-03-28T16:02:03",
"dateReserved": "2018-09-05T00:00:00",
"dateUpdated": "2024-08-05T10:24:32.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6140 (GCVE-0-2019-6140)
Vulnerability from cvelistv5
Published
2019-04-09 20:51
Modified
2024-08-04 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | Forcepoint Email Security |
Version: 8.4 Version: 8.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint Email Security",
"vendor": "Forcepoint",
"versions": [
{
"status": "affected",
"version": "8.4"
},
{
"status": "affected",
"version": "8.5"
}
]
}
],
"datePublic": "2019-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:07:51",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2019-6140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint Email Security",
"version": {
"version_data": [
{
"version_value": "8.4"
},
{
"version_value": "8.5"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2019-6140",
"datePublished": "2019-04-09T20:51:32",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-11-05 21:15
Modified
2024-11-21 04:46
Severity ?
Summary
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | 8.5 | |
| forcepoint | email_security | 8.5.3 | |
| forcepoint | security_manager | 8.5 | |
| forcepoint | security_manager | 8.5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "78E3F701-3818-4F61-9106-39BCE15B28C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F954B655-E3BC-4D8D-8C3B-DFF973568D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:security_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B028429B-B847-43FB-8930-2BE4731360FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:security_manager:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDE81F6-249B-44E2-85CD-6B15745D4C69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue."
},
{
"lang": "es",
"value": "Ha sido reportado que una vulnerabilidad de tipo XSS es posible en Forcepoint Email Security, versiones 8.5 y 8.5.3. Se recomienda encarecidamente que apliquen un parche en caliente para solucionar este problema."
}
],
"id": "CVE-2019-6142",
"lastModified": "2024-11-21T04:46:01.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-05T21:15:13.823",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-08 22:15
Modified
2024-11-21 05:36
Severity ?
Summary
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | data_loss_prevention | * | |
| forcepoint | email_security | * | |
| forcepoint | web_security_content_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:data_loss_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37C7FDC7-F210-4016-AF86-25264A4821F0",
"versionEndExcluding": "8.7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E773C152-EE26-46C1-AE81-E4775B68D31B",
"versionEndExcluding": "8.5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:web_security_content_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A632C0-A8D7-4AD8-B5FB-CAB86385DBA9",
"versionEndExcluding": "8.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure."
},
{
"lang": "es",
"value": "Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgaci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2020-6590",
"lastModified": "2024-11-21T05:36:01.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-08T22:15:13.230",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2020-6590.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-12 19:15
Modified
2024-11-21 06:41
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@forcepoint.com | https://help.forcepoint.com/security/CVE/CVE-2022-1700.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.forcepoint.com/security/CVE/CVE-2022-1700.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | cloud_security_gateway | * | |
| forcepoint | data_loss_prevention | * | |
| forcepoint | email_security | * | |
| forcepoint | one_endpoint_with_policy_engine | * | |
| forcepoint | web_security_content_gateway | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:cloud_security_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B7C1BB-DBE3-4B1A-8AD8-FCBFF17A348B",
"versionEndExcluding": "2022-06-20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:data_loss_prevention:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9214843F-3E98-479A-A300-5ECA5DEE46E2",
"versionEndExcluding": "8.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0679763-2B2A-463B-A010-700681AFA2D7",
"versionEndExcluding": "8.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:one_endpoint_with_policy_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8430D2-6CF7-427B-BB2D-3F2784FE6592",
"versionEndExcluding": "8.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:web_security_content_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "381588B3-E87A-4C12-A190-1FA8EBE17621",
"versionEndExcluding": "8.5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022."
},
{
"lang": "es",
"value": "Una vulnerabilidad de restricci\u00f3n inapropiada de tipo XML External Entity Reference (\"XXE\") en el motor de pol\u00edticas de Forcepoint Data Loss Prevention (DLP), que tambi\u00e9n es aprovechado por Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security con DLP activado y Cloud Security Gateway antes del 20 de junio de 2022. Se ha detectado que el analizador XML del motor de pol\u00edticas no est\u00e1 configurado correctamente para admitir entidades externas y DTD (Document Type Definitions) externas, lo que puede conllevar a un ataque de tipo XXE. Este problema afecta a: Las versiones de Forcepoint Data Loss Prevention (DLP) anteriores a 8.8.2. Forcepoint One Endpoint (F1E) con versiones de Policy Engine anteriores a 8.8.2. Versiones de Forcepoint Web Security Content Gateway anteriores a 8.5.5. Forcepoint Email Security con versiones DLP habilitadas anteriores a 8.5.5. Forcepoint Cloud Security Gateway anterior al 20 de junio de 2022"
}
],
"id": "CVE-2022-1700",
"lastModified": "2024-11-21T06:41:16.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-09-12T19:15:08.603",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-09 19:29
Modified
2024-11-21 03:52
Severity ?
Summary
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@forcepoint.com | https://help.forcepoint.com/security/CVE/CVE-2018-16530.html | Vendor Advisory | |
| psirt@forcepoint.com | https://support.forcepoint.com/KBArticle?id=000016621 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.forcepoint.com/security/CVE/CVE-2018-16530.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.forcepoint.com/KBArticle?id=000016621 | Permissions Required, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | 8.5.0 | |
| forcepoint | email_security | 8.5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE606FF-8D95-4DA7-8A13-C24C7FCCD8E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F954B655-E3BC-4D8D-8C3B-DFF973568D6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer en regi\u00f3n stack de la memoria en Forcepoint Email Security versi\u00f3n 8.5 permite a un atacante crear una entrada maliciosa y potencialmente bloquear un proceso creando una denegaci\u00f3n de servicio (DoS). Si bien no se conocen vulnerabilidades de Remote Code Execution (RCE), como con todos los desbordamientos de b\u00fafer, no se puede descartar completamente la posibilidad de que RCE se ejecute. La Data Execution Protection (DEP) ya est\u00e1 habilitada en el dispositivo de Email como una mitigaci\u00f3n de riesgos."
}
],
"id": "CVE-2018-16530",
"lastModified": "2024-11-21T03:52:55.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T19:29:00.273",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html"
},
{
"source": "psirt@forcepoint.com",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://support.forcepoint.com/KBArticle?id=000016621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16530.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://support.forcepoint.com/KBArticle?id=000016621"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-15 23:15
Modified
2024-11-21 07:57
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@forcepoint.com | https://support.forcepoint.com/s/article/000041871 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.forcepoint.com/s/article/000041871 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | - | |
| forcepoint | web_security | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DD17A1-E6F8-4ED5-9566-C5C3A62EFCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66F97068-979A-4D45-B2C6-A98FF1887EED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."
}
],
"id": "CVE-2023-2080",
"lastModified": "2024-11-21T07:57:53.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-15T23:15:09.020",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.forcepoint.com/s/article/000041871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.forcepoint.com/s/article/000041871"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-04 22:15
Modified
2024-09-12 17:19
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@forcepoint.com | https://support.forcepoint.com/s/article/000042397 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | * | |
| forcepoint | email_security | 8.5.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0679763-2B2A-463B-A010-700681AFA2D7",
"versionEndExcluding": "8.5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.5.5:-:*:*:*:*:*:*",
"matchCriteriaId": "5EB5F047-ACD1-48CD-939C-D5C4AAD7DD90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027) en Forcepoint Email Security (m\u00f3dulos Real Time Monitor) permite XSS reflejado. Este problema afecta a Email Security: anterior a 8.5.5 HF003."
}
],
"id": "CVE-2024-2166",
"lastModified": "2024-09-12T17:19:43.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-04T22:15:04.260",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.forcepoint.com/s/article/000042397"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-28 17:29
Modified
2024-11-21 03:52
Severity ?
Summary
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@forcepoint.com | https://help.forcepoint.com/security/CVE/CVE-2018-16529.html | Vendor Advisory | |
| psirt@forcepoint.com | https://seclists.org/fulldisclosure/2018/Nov/23 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.forcepoint.com/security/CVE/CVE-2018-16529.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/fulldisclosure/2018/Nov/23 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F059F008-0779-4226-950F-E3DC20E39A30",
"versionEndIncluding": "8.5.3",
"versionStartIncluding": "8.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de restablecimiento de contrase\u00f1a en Forcepoint Email Security 8.5.x. La URL de restablecimiento de contrase\u00f1a puede utilizarse despu\u00e9s del periodo de expiraci\u00f3n intencionado o despu\u00e9s de que la contrase\u00f1a se haya utilizado para restablecer una contrase\u00f1a."
}
],
"id": "CVE-2018-16529",
"lastModified": "2024-11-21T03:52:55.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-28T17:29:00.257",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
},
{
"source": "psirt@forcepoint.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2018-16529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/fulldisclosure/2018/Nov/23"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-640"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-09 21:29
Modified
2024-11-21 04:46
Severity ?
Summary
A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | email_security | * | |
| forcepoint | email_security | 8.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "838F3082-DB5C-4989-A073-D0616221A2C2",
"versionEndIncluding": "8.5.3",
"versionStartIncluding": "8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:forcepoint:email_security:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "165CFDAE-C178-4EB5-8DB3-BFA7FAE36ECC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed."
},
{
"lang": "es",
"value": "Se ha detectado un problema de configuraci\u00f3n en Forcepoint Email Security versiones 8.4. x y 8.5. x: el producto se deja en un estado vulnerable si el proceso de registro h\u00edbrido no es completado"
}
],
"id": "CVE-2019-6140",
"lastModified": "2024-11-21T04:46:01.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T21:29:03.757",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6140.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}