CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41530
https://notcve.org/view.php?id=CVE-2021-41530
Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Forcepoint NGFW Engine versiones 6.5.11 y anteriores, 6.8.6 y anteriores, y 6.10.0 son vulnerables a una vulnerabilidad de amplificación reflejada TCP, si se ha configurado HTTP User Response • https://help.forcepoint.com/security/CVE/CVE-2021-41530.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6590
https://notcve.org/view.php?id=CVE-2020-6590
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint Web Security Content Gateway versiones anteriores a 8.5.4, procesan inapropiadamente una entrada XML, conllevando a una divulgación de información • https://help.forcepoint.com/security/CVE/CVE-2020-6590.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6146 – Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-6146
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Se ha reportado que un ataque de tipo cross-site scripting (XSS) es posible en Forcepoint Web Security, versiones 8.x, por medio de una inyección de encabezado de host. CVSSv3.0: 5.3 (Medio) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Forcepoint WebSecurity version 8.5 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/48029 http://packetstormsecurity.com/files/156274/Forcepoint-WebSecurity-8.5-Cross-Site-Scripting.html https://help.forcepoint.com/security/CVE/CVE-2019-6146.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6147
https://notcve.org/view.php?id=CVE-2019-6147
Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable. Forcepoint NGFW Security Management Center (SMC) versiones por debajo de 6.5.12 o 6.7.1, presenta un problema poco frecuente que, en circunstancias específicas, puede corromper la base de datos de la configuración interna. Cuando la base de datos está corrupta, el SMC puede producir una configuración IPsec incorrecta para el Forcepoint Next Generation Firewall (NGFW), resultando posiblemente en configuraciones más débiles de lo esperado. • https://help.forcepoint.com/security/CVE/CVE-2019-6147.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-6142
https://notcve.org/view.php?id=CVE-2019-6142
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue. Ha sido reportado que una vulnerabilidad de tipo XSS es posible en Forcepoint Email Security, versiones 8.5 y 8.5.3. Se recomienda encarecidamente que apliquen un parche en caliente para solucionar este problema. • https://help.forcepoint.com/security/CVE/CVE-2019-6142.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •