Improper XML External Entity Handling in Forcepoint Data Loss Prevention and Related Products
CVE-2022-1700

7.5HIGH

Key Information:

Vendor

Forcepoint

Status
Data Loss Prevention (dlp)
One Endpoint (f1e) With Policy Engine
Web Security Content Gateway
Email Security With Dlp Enabled
Vendor
CVE Published:
12 September 2022

What is CVE-2022-1700?

The Forcepoint Policy Engine in various products has a vulnerability due to improper restriction of XML External Entity references. This misconfiguration allows potential attackers to exploit the XML parser, which may lead to unauthorized access and extraction of sensitive data. Specifically affected are multiple Forcepoint products, which, when not updated, could facilitate XXE attacks, compromising the security of sensitive information managed by these systems. Users are advised to update to the latest versions to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cloud Security Gateway prior to June 20, 2022

Data Loss Prevention (DLP) < 8.8.2

Email Security with DLP enabled < 8.5.5

References

https://help.forcepoint.com/security/CVE/CVE-2022-1700.html
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Forcepoint would like to thank Kaushik Joshi and Keval Shah from iAppSecure Solutions Pvt Ltd. for discovering and working with us to responsibly disclose this vulnerability.
JSON
.