CVE-2019-6144 DLP and Web Security Endpoint Authentication Bypass Vulnerability
- Article Number: 000017642
- Products: Forcepoint DLP, Forcepoint DLP Endpoint, Forcepoint One Endpoint, Forcepoint Web Security, Forcepoint Web Security Endpoint
- Version: 19
- Last Published Date: October 22, 2019
We would like to thank Adriaan Schuitmaker for bringing this to our attention.
Published Date: October 17, 2019
Last Update: October 22, 2019
KBA Status: Published
KBA Severity: Medium (6.5 CVSS v3 Base Score)
The Forcepoint Product Security Incident Response Team (PSIRT) has investigated the following security vulnerability and its impact on Forcepoint products, and has implemented a resolution.
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.