Lucene search

[email protected]CVE-2023-2080

HistoryJun 15, 2023 - 11:15 p.m.

CVE-2023-2080

2023-06-1523:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-2080

forcepoint

csg

portal

blind sql injection

web security

email security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.

Affected configurations

NVD

Node

forcepointemail_securityMatch-

forcepointweb_securityMatch-

CPENameOperatorVersion
forcepoint:email_securityforcepoint email securityeq-
forcepoint:web_securityforcepoint web securityeq-

CPE	Name	Operator	Version
forcepoint:email_security	forcepoint email security	eq	-
forcepoint:web_security	forcepoint web security	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Portal",
    "platforms": [
      "Web Cloud Security Gateway",
      "Email Security Cloud"
    ],
    "product": "Cloud Security Gateway (CSG) ",
    "vendor": "Forcepoint",
    "versions": [
      {
        "status": "unaffected",
        "version": "TBD"
      }
    ]
  }
]

References

support.forcepoint.com/s/article/000041871

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVE-2023-2080

prion1 nvd1 cvelist1