KB Article | Forcepoint Support
Support
  1. Home
  2. Knowledgebase

CVE-2019-6144 DLP and Web Security Endpoint Authentication Bypass Vulnerability

  • Article Number: 000017642
  • Products: Forcepoint DLP, Forcepoint DLP Endpoint, Forcepoint One Endpoint, Forcepoint Web Security, Forcepoint Web Security Endpoint
  • Version: 19
  • Last Published Date: September 08, 2020

Problem Description

CVE Numbers:
CVE-2019-6144

KBA Summary
The Forcepoint Product Security Incident Response Team (PSIRT) has investigated the following security vulnerability and its impact on Forcepoint products, and has implemented a resolution. 

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. 

Products Affected

  • Forcepoint One Endpoint

Resolution

Resolution
This vulnerability has been resolved as of the Forcepoint One Endpoint (F1E) interim release, version 19.09.4219, available through Forcepoint Support, and with the upcoming release, version 19.10, made publicly available on November 4, 2019.

Forcepoint recommends upgrading to the latest supported version of Forcepoint One Endpoint when possible from the Downloads page.

Article Feedback



Thank you for the feedback and comments.

Want 24/7 Tech Support?

Learn more