KB Article | Forcepoint Support

Problem Description

Published Date: April 8, 2021

Last Update: n/a
KBA Status: Published
KBA Severity: High
CVE Number(s): CVE-2020-6590

KBA Summary
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. Forcepoint would like to thank researchers Sagi Cohen and Almog Cygel, as well as Frederic Quenneville, Pentester at Videotron, for discovering this issue and participating in a coordinated vulnerability disclosure.

Affected Products
  • Forcepoint Web Security Content Gateway

KBA Detailed Information
This description is from https://cwe.mitre.org/data/definitions/611.html:

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
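The weakness class quoted above, seen from the defending side: an added example (not Forcepoint's code and not the change shipped in 8.5.4) of an XML intake check that refuses any document carrying an external DTD or external entity. The function names, sample documents and placeholder URIs are constructed for illustration.

```python
import xml.parsers.expat


class ExternalEntityRejected(ValueError):
    """The document declares or references an external DTD or entity."""


def parse_without_external_entities(data: bytes) -> list[str]:
    """Return element names in order; raise if an external DTD/entity appears."""
    # expat fetches nothing itself; handlers abort at the first SYSTEM/PUBLIC id.
    parser = xml.parsers.expat.ParserCreate()
    elements: list[str] = []

    def doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise ExternalEntityRejected(f"external DTD on <!DOCTYPE {name}>")

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry identifiers.
        if system_id is not None or public_id is not None:
            raise ExternalEntityRejected(f"external entity declared: {name}")

    def external_ref(context, base, system_id, public_id):
        raise ExternalEntityRejected("external entity referenced")

    parser.StartDoctypeDeclHandler = doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(data, True)
    return elements


def accepts(data: bytes) -> bool:
    """Fail closed: malformed XML is refused along with external entities."""
    try:
        parse_without_external_entities(data)
        return True
    except (ExternalEntityRejected, xml.parsers.expat.ExpatError):
        return False


# Constructed sample documents (placeholder URIs, not from the advisory).
PLAIN = b"<config><name>gw</name></config>"
INTERNAL = b'<!DOCTYPE config [<!ENTITY a "x">]><config>&a;</config>'
EXT_ENTITY = (b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///constructed/'
              b'placeholder">]><config>&ext;</config>')
EXT_DTD = b'<!DOCTYPE config SYSTEM "http://example.invalid/c.dtd"><config/>'
```

Internal entities are still accepted here; rejecting every DOCTYPE outright is the stricter option when the input format never needs one.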

Resolution

Customers should upgrade to Forcepoint Web Security version 8.5.4.
