KB Article | Forcepoint Support

Problem Description

Forcepoint would like to thank Jacek Lipkowski (SQ5BPF) for helping to resolve this issue.

Published Date: October 21, 2019

Last Update: November 4, 2019
KBA Status: Published
KBA Severity: Medium (CVSS 6.3)
CVE Numbers:
CVE-2019-6142 
 
KBA Summary
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.

Products Under Review​ 
  • Forcepoint Security Manager
  • Forcepoint Email Security 
Affected Products
  • Forcepoint Security Manager
  • Forcepoint Email Security 
Not Vulnerable
Assessments are underway. 

Resolution

Workarounds
See below.

Hotfix and Information About Other Fixes
Hotfixes are available for versions 8.5 and 8.5.3 of Forcepoint Email Security and Forcepoint Security Manager.

If you are using version 8.5, apply both of these hotfixes:
v8.5.0 HF008 for Windows
v8.5.0 HF008 for Appliance

If you are using version 8.5.3, apply both of these hotfixes:
v8.5.3 HF006 for Windows
v8.5.3 HF006 for Appliance 
 

Article Feedback



Thank you for the feedback and comments.