KB Article | Forcepoint Support

Problem Description

Forcepoint would like to thank Jacek Lipkowski (SQ5BPF) for helping to resolve this issue.

Published Date: October 21, 2019
Last Update: August 26, 2020
KBA Status: Published
KBA Severity: Medium (CVSS 6.3)
CVE Numbers:
CVE-2019-6142 
 
KBA Summary
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.

Affected Products
  • Forcepoint Email Security 
  • Forcepoint Email Security components on Forcepoint Security Manager
Not Vulnerable
Assessments are underway. 

Resolution

Workarounds
See below.

Hotfix and Information About Other Fixes
Hotfixes are available for versions 8.5 and 8.5.3 of Forcepoint Email Security and Forcepoint Security Manager.

If you are using version 8.5, apply both of these hotfixes:
v8.5.0 HF008 for Windows
v8.5.0 HF008 for Appliance

If you are using version 8.5.3, apply both of these hotfixes:
v8.5.3 HF006 for Windows
v8.5.3 HF006 for Appliance 




keywords: vulnerability; cve; security; xss; hotfix; security manager

Article Feedback



Thank you for the feedback and comments.