Vulnerabilities > Forcepoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-1705 | Missing Authorization vulnerability in Forcepoint ONE Smartedge Agent Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554. | 7.8 |
| 2023-06-15 | CVE-2023-2080 | SQL Injection vulnerability in Forcepoint Email Security and web Security Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection. | 9.8 |
| 2023-03-29 | CVE-2023-26290 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26291 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26292 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2022-04-04 | CVE-2022-27608 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. | 3.6 |
| 2022-04-04 | CVE-2022-27609 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. | 3.6 |
| 2021-10-04 | CVE-2021-41530 | Unspecified vulnerability in Forcepoint Next Generation Firewall Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. network forcepoint | 4.3 |
| 2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 5.0 |
| 2020-01-22 | CVE-2019-6146 | Cross-site Scripting vulnerability in Forcepoint web Security 8.0.0/8.5.3 It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. | 4.3 |