CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27609
https://notcve.org/view.php?id=CVE-2022-27609
04 Apr 2022 — Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it. Forcepoint One Endpoint anterior a la versión 22.01 instalada en Microsoft Windows no ofrece suficiente protección antimanipulación de servicios por parte de usuarios con privilegios de administrador. Esto podría dar lugar a que un ... • https://help.forcepoint.com/security/CVE/CVE-2022-27609.html • CWE-863: Incorrect Authorization •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27608
https://notcve.org/view.php?id=CVE-2022-27608
04 Apr 2022 — Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. Forcepoint One Endpoint versiones anteriores a 22.01, instalada en Microsoft Windows es vulnerable a una manipulación de la clave del registro por parte de usuarios con privilegios de admin... • https://help.forcepoint.com/security/CVE/CVE-2022-27608.html • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41530
https://notcve.org/view.php?id=CVE-2021-41530
04 Oct 2021 — Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Forcepoint NGFW Engine versiones 6.5.11 y anteriores, 6.8.6 y anteriores, y 6.10.0 son vulnerables a una vulnerabilidad de amplificación reflejada TCP, si se ha configurado HTTP User Response • https://help.forcepoint.com/security/CVE/CVE-2021-41530.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6590
https://notcve.org/view.php?id=CVE-2020-6590
08 Apr 2021 — Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgación de información • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-6146 – Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-6146
22 Jan 2020 — It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Se ha reportado que un ataque de tipo cross-site scripting (XSS) es posible en Forcepoint Web Security, versiones 8.x, por medio de una inyección de encabezado de host. CVSSv3.0: 5.3 (Medio) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Forcepoint WebSecurity version 8.5 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/156274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6147
https://notcve.org/view.php?id=CVE-2019-6147
23 Dec 2019 — Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable. Forcepoint NGFW Security Management Center (SMC) versiones por debaj... • https://help.forcepoint.com/security/CVE/CVE-2019-6147.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6142
https://notcve.org/view.php?id=CVE-2019-6142
05 Nov 2019 — It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. Ha sido reportado que una vulnerabilidad de tipo XSS es posible en Forcepoint Email Security, versiones 8.5 y 8.5.3. Se recomienda encarecidamente que apliquen un parche en caliente para solucionar este problema. • https://help.forcepoint.com/security/CVE/CVE-2019-6142.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6144
https://notcve.org/view.php?id=CVE-2019-6144
23 Oct 2019 — This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. Esta vulnerabilidad permite a un usuario normal (no administrador) deshabilitar Forcepoint One Endpoint (versiones 19.04 hasta 19.08) y omitir DLP y la protección web. • https://help.forcepoint.com/security/CVE/CVE-2019-6144.html • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6145
https://notcve.org/view.php?id=CVE-2019-6145
20 Sep 2019 — Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. Forcepoint VPN Client para Windows versiones anteriores a 6.6.1, presenta una vulnerabilidad de ruta de búsqueda sin comillas. • https://help.forcepoint.com/security/CVE/CVE-2019-6145.html • CWE-428: Unquoted Search Path or Element •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6143
https://notcve.org/view.php?id=CVE-2019-6143
20 Aug 2019 — Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when a... • https://help.forcepoint.com/security/CVE/CVE-2019-6143.html • CWE-287: Improper Authentication •