Published: 12/09/2022 Updated: 15/09/2022

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions before 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions before 8.8.2. Forcepoint Web Security Content Gateway versions before 8.5.5. Forcepoint Email Security with DLP enabled versions before 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.

Vulnerable Product	Search on Vulmon	Subscribe to Product
forcepoint cloud security gateway
forcepoint email security
forcepoint one endpoint with policy engine
forcepoint data loss prevention
forcepoint web security content gateway

CWE-611 https://help.forcepoint.com/security/CVE/CVE-2022-1700.html https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-1700

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect