8.5.0

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-04	CVE-2024-2166	Cross-site Scripting vulnerability in Forcepoint Email Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003. network low complexity forcepoint CWE-79	6.1
2022-09-12	CVE-2022-1700	XXE vulnerability in Forcepoint products Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. network low complexity forcepoint CWE-611 critical	9.8
2021-04-08	CVE-2020-6590	XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. network low complexity forcepoint CWE-611	7.5
2019-04-09	CVE-2019-6140	Unspecified vulnerability in Forcepoint Email Security A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. network low complexity forcepoint critical	9.8
2019-04-09	CVE-2018-16530	Out-of-bounds Write vulnerability in Forcepoint Email Security 8.5.0/8.5.3 A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. network low complexity forcepoint CWE-787 critical	9.8
2019-03-28	CVE-2018-16529	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Forcepoint Email Security 8.5.0/8.5.3 A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. network low complexity forcepoint CWE-640 critical	9.8