Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions before 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions before 8.8.2. Forcepoint Web Security Content Gateway versions before 8.5.5. Forcepoint Email Security with DLP enabled versions before 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
forcepoint cloud security gateway |
||
forcepoint email security |
||
forcepoint one endpoint with policy engine |
||
forcepoint data loss prevention |
||
forcepoint web security content gateway |