Vulnerabilities > Forcepoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 7.5 |
| 2020-01-22 | CVE-2019-6146 | Cross-site Scripting vulnerability in Forcepoint web Security 8.0.0/8.5.3 It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. | 6.1 |
| 2019-12-23 | CVE-2019-6147 | Incorrect Type Conversion or Cast vulnerability in Forcepoint Next Generation Firewall Security Management Center Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. | 5.9 |
| 2019-11-05 | CVE-2019-6142 | Cross-site Scripting vulnerability in Forcepoint Email Security and Security Manager It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. | 6.1 |
| 2019-10-23 | CVE-2019-6144 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint 19.04/19.08 This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | 6.5 |
| 2019-09-20 | CVE-2019-6145 | Unquoted Search Path or Element vulnerability in Forcepoint VPN Client 6.6.0 Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. | 6.7 |
| 2019-08-20 | CVE-2019-6143 | Improper Authentication vulnerability in Forcepoint Next Generation Firewall Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. | 9.1 |
| 2019-04-09 | CVE-2019-6140 | Unspecified vulnerability in Forcepoint Email Security A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. | 9.8 |
| 2019-04-09 | CVE-2018-16530 | Out-of-bounds Write vulnerability in Forcepoint Email Security 8.5.0/8.5.3 A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. | 9.8 |
| 2019-03-28 | CVE-2018-16529 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Forcepoint Email Security 8.5.0/8.5.3 A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. | 9.8 |