7 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection. • https://support.forcepoint.com/s/article/000041871 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. • https://help.forcepoint.com/security/CVE/CVE-2022-1700.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgación de información • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. Ha sido reportado que una vulnerabilidad de tipo XSS es posible en Forcepoint Email Security, versiones 8.5 y 8.5.3. Se recomienda encarecidamente que apliquen un parche en caliente para solucionar este problema. • https://help.forcepoint.com/security/CVE/CVE-2019-6142.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. Se ha detectado un problema de configuración en Forcepoint Email Security versiones 8.4. x y 8.5. x: el producto se deja en un estado vulnerable si el proceso de registro híbrido no es completado • https://help.forcepoint.com/security/CVE/CVE-2019-6140.html • CWE-284: Improper Access Control •