CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5451
https://notcve.org/view.php?id=CVE-2023-5451
04 Mar 2024 — Forcepoint NGFW Security Management Center Management Server has SMC Downloads optional feature to offer standalone Management Client downloads and ECA configuration downloads. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Next Generation Firewall Security Management Center (SMC Downloads feature) allows Reflected XSS. This issue affects Next Generation Firewall Security Management Center : before 6.10.13, from 6.11.0 before 7.1.2. Forcepoin... • https://support.forcepoint.com/s/article/000042395 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-41530
https://notcve.org/view.php?id=CVE-2021-41530
04 Oct 2021 — Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Forcepoint NGFW Engine versiones 6.5.11 y anteriores, 6.8.6 y anteriores, y 6.10.0 son vulnerables a una vulnerabilidad de amplificación reflejada TCP, si se ha configurado HTTP User Response • https://help.forcepoint.com/security/CVE/CVE-2021-41530.html •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6147
https://notcve.org/view.php?id=CVE-2019-6147
23 Dec 2019 — Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. When the database is corrupted, the SMC might produce an incorrect IPsec configuration for the Forcepoint Next Generation Firewall (NGFW), possibly resulting in settings that are weaker than expected. All SMC versions lower than 6.5.12 or 6.7.1 are vulnerable. Forcepoint NGFW Security Management Center (SMC) versiones por debaj... • https://help.forcepoint.com/security/CVE/CVE-2019-6147.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-6143
https://notcve.org/view.php?id=CVE-2019-6143
20 Aug 2019 — Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when a... • https://help.forcepoint.com/security/CVE/CVE-2019-6143.html • CWE-287: Improper Authentication •