8 matches found
CVE-2020-6590
CVE-2020-6590 affects Forcepoint Web Security Content Gateway versions prior to 8.5.4, where improper processing of XML input leads to information disclosure. The issue is rooted in XML input processing and can be triggered remotely over the network with low attack complexity; no u...
CVE-2022-1700
CVE-2022-1700 is an XXE vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP). The XML parser was configured to allow external entities/DTDs, affecting DLP versions before 8.8.2 and related products: Forcepoint One Endpoint (Policy Engine before 8.8.2), Forcepoint Web Securi...
CVE-2019-6140
Forcepoint Email Security 8.4.x and 8.5.x are affected by a configuration issue that leaves the product vulnerable if the hybrid registration process is not completed. The CVE-2019-6140 entry is described as a high-severity configuration flaw (CVSS v3.1: 9.8, CRITICAL) with the impact stated as p...
CVE-2024-2166
CVE-2024-2166 affects Forcepoint Email Security (Real Time Monitor modules). Root cause: improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) vulnerability. Affected product version: Email Security prior to 8.5.5 HF003. CVSS details from N...
CVE-2023-2080
CVE-2023-2080 covers an SQL injection issue in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and Email Security Cloud. The root cause cited is improper neutralization of special elements used in an SQL command, leading to Blind SQL Injection. Documents indicate affe...
CVE-2018-16530
The CVE-2018-16530 entry concerns Forcepoint Email Security version 8.5, where a stack-based buffer overflow in the product allows crafted input to crash a process and cause a denial of service. The description notes that while no known Remote Code Execution (RCE) vulnerabilities exist, th...
CVE-2019-6142
The CVE-2019-6142 entry concerns Forcepoint Email Security, specifically versions 8.5 through 8.5.3, where a cross-site scripting (XSS) vulnerability exists. The connected documents describe a web-application flaw that lacks proper validation of client-side data, enabling potential client-side co...
CVE-2018-16529
CVE-2018-16529 affects Forcepoint Email Security 8.5.x. A password-reset flow flaw allows the password-reset URL to be usable after its intended expiration or after it has already been used, enabling account compromise without additional authentication. NVD metrics indicate a high impact on confi...