Lucene search

ForcepointCVE-2023-5451

HistoryMar 04, 2024 - 4:15 p.m.

CVE-2023-5451

2024-03-0416:15:49

CWE-79

forcepoint

web.nvd.nist.gov

forcepoint

ngfw

security management center

xss

vulnerability

cve-2023-5451

nvd

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

Forcepoint
NGFW Security Management Center Management Server has SMC Downloads
optional feature to offer standalone Management Client downloads and ECA
configuration downloads.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS.

This issue affects Next Generation Firewall Security Management Center : before 6.10.13, from 6.11.0 before 7.1.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "SMC Downloads"
    ],
    "product": "Next Generation Firewall Security Management Center ",
    "vendor": "Forcepoint",
    "versions": [
      {
        "lessThan": "6.10.13",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.1.2",
        "status": "affected",
        "version": "6.11.0",
        "versionType": "semver"
      }
    ]
  }
]

References

support.forcepoint.com/s/article/000042395

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-5451