Lucene search

ForcepointCVELIST:CVE-2023-5451

HistoryMar 04, 2024 - 3:54 p.m.

CVE-2023-5451

2024-03-0415:54:43

CWE-79

forcepoint

www.cve.org

forcepoint

ngfw

security management center

smc downloads

xss

vulnerability

cross-site scripting

next generation firewall

eca configuration

cve-2023-5451

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Forcepoint
NGFW Security Management Center Management Server has SMC Downloads
optional feature to offer standalone Management Client downloads and ECA
configuration downloads.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS.

This issue affects Next Generation Firewall Security Management Center : before 6.10.13, from 6.11.0 before 7.1.2.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "SMC Downloads"
    ],
    "product": "Next Generation Firewall Security Management Center ",
    "vendor": "Forcepoint",
    "versions": [
      {
        "lessThan": "6.10.13",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "7.1.2",
        "status": "affected",
        "version": "6.11.0",
        "versionType": "semver"
      }
    ]
  }
]

References

support.forcepoint.com/s/article/000042395

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-5451