KB Article | Forcepoint Support
Support
  1. Home
  2. Knowledgebase

CVE-2019-6144 DLP and Web Security Endpoint Authentication Bypass Vulnerability

  • Article Number: 000017642
  • Products: Forcepoint DLP, Forcepoint DLP Endpoint, Forcepoint One Endpoint, Forcepoint Web Security, Forcepoint Web Security Endpoint
  • Version: 19
  • Last Published Date: October 22, 2019

Problem Description

We would like to thank Adriaan Schuitmaker for bringing this to our attention.

Published Date: October 17, 2019

Last Update: October 22, 2019
KBA Status: Published
KBA Severity: Medium (6.5 CVSS v3 Base Score)
CVE Numbers:
CVE-2019-6144

KBA Summary
The Forcepoint Product Security Incident Response Team (PSIRT) has investigated the following security vulnerability and its impact on Forcepoint products, and has implemented a resolution. 

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. 

Products Affected

  • Forcepoint One Endpoint

Resolution

Resolution
This vulnerability has been resolved with the Forcepoint One Endpoint (F1E) interim release, version 19.09.4219, available through Forcepoint Support, and with the upcoming release, version 19.10, publicly available November 4, 2019.

Forcepoint recommends upgrading to the latest version of Forcepoint One Endpoint.
Contact Forcepoint Support to get version 19.09.4219.

This article will be updated when the F1E version is released for general availability. 

Article Feedback



Thank you for the feedback and comments.

Want 24/7 Tech Support?

Learn more