Bypass of Web Protection in Forcepoint One Endpoint by Non-Admin Users
CVE-2019-6144

6.5MEDIUM

Key Information:

Vendor: Forcepoint
Status: Forcepoint One Endpoint
Vendor: CVE Published:; 23 October 2019

What is CVE-2019-6144?

This vulnerability enables a non-admin user to disable the Forcepoint One Endpoint, allowing them to bypass essential Data Loss Prevention (DLP) measures and web protection mechanisms. By manipulating the software functionality, unauthorized users can exploit this weakness to compromise sensitive data security and introduce significant risks to organizational culture regarding data integrity.

Affected Version(s)

Forcepoint One Endpoint Versions 19.04 through 19.08

References

https://help.forcepoint.com/security/CVE/CVE-2019-6144.html

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2019
Vulnerability Reserved
Jan 11, 2019