Search criteria
9 vulnerabilities found for one_endpoint by forcepoint
FKIE_CVE-2022-27608
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:56
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | one_endpoint | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:one_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "368BEE2F-462B-4D74-8800-D10F3A5E049E",
"versionEndExcluding": "22.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it."
},
{
"lang": "es",
"value": "Forcepoint One Endpoint versiones anteriores a 22.01, instalada en Microsoft Windows es vulnerable a una manipulaci\u00f3n de la clave del registro por parte de usuarios con privilegios de administrador. Esto podr\u00eda resultar en que un usuario deshabilite los mecanismos de no manipulaci\u00f3n, lo que le permitir\u00eda deshabilitar Forcepoint One Endpoint y la protecci\u00f3n que ofrece"
}
],
"id": "CVE-2022-27608",
"lastModified": "2024-11-21T06:56:01.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.783",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-27609
Vulnerability from fkie_nvd - Published: 2022-04-04 20:15 - Updated: 2024-11-21 06:56
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | one_endpoint | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:one_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "368BEE2F-462B-4D74-8800-D10F3A5E049E",
"versionEndExcluding": "22.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it."
},
{
"lang": "es",
"value": "Forcepoint One Endpoint anterior a la versi\u00f3n 22.01 instalada en Microsoft Windows no ofrece suficiente protecci\u00f3n antimanipulaci\u00f3n de servicios por parte de usuarios con privilegios de administrador. Esto podr\u00eda dar lugar a que un usuario desactive Forcepoint One Endpoint y la protecci\u00f3n que ofrece"
}
],
"id": "CVE-2022-27609",
"lastModified": "2024-11-21T06:56:01.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-04T20:15:10.840",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-6144
Vulnerability from fkie_nvd - Published: 2019-10-23 19:15 - Updated: 2024-11-21 04:46
Severity ?
Summary
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@forcepoint.com | https://help.forcepoint.com/security/CVE/CVE-2019-6144.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://help.forcepoint.com/security/CVE/CVE-2019-6144.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| forcepoint | one_endpoint | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:one_endpoint:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40717AB7-8209-4761-AD04-B57325D18559",
"versionEndIncluding": "19.08",
"versionStartIncluding": "19.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite a un usuario normal (no administrador) deshabilitar Forcepoint One Endpoint (versiones 19.04 hasta 19.08) y omitir DLP y la protecci\u00f3n web."
}
],
"id": "CVE-2019-6144",
"lastModified": "2024-11-21T04:46:01.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-23T19:15:12.107",
"references": [
{
"source": "psirt@forcepoint.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
],
"sourceIdentifier": "psirt@forcepoint.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@forcepoint.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-27609 (GCVE-0-2022-27609)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2024-08-03 05:32
VLAI?
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
Severity ?
6 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | One Endpoint |
Unaffected:
22.01 , < unspecified
(custom)
|
Credits
Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Microsoft Windows"
],
"product": "One Endpoint",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "22.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T19:24:14",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2022-27609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One Endpoint",
"version": {
"version_data": [
{
"platform": "Microsoft Windows",
"version_affected": "!\u003e=",
"version_value": "22.01"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2022-27609",
"datePublished": "2022-04-04T19:45:38",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27608 (GCVE-0-2022-27608)
Vulnerability from cvelistv5 – Published: 2022-04-04 19:45 – Updated: 2024-08-03 05:32
VLAI?
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
Severity ?
6 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | One Endpoint |
Unaffected:
22.01 , < unspecified
(custom)
|
Credits
Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Microsoft Windows"
],
"product": "One Endpoint",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "22.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:36",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2022-27608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One Endpoint",
"version": {
"version_data": [
{
"platform": "Microsoft Windows",
"version_affected": "!\u003e=",
"version_value": "22.01"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2022-27608",
"datePublished": "2022-04-04T19:45:36",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6144 (GCVE-0-2019-6144)
Vulnerability from cvelistv5 – Published: 2019-10-23 18:57 – Updated: 2024-08-04 20:16
VLAI?
Summary
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Forcepoint One Endpoint |
Affected:
Versions 19.04 through 19.08
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint One Endpoint",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 19.04 through 19.08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:05:08",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2019-6144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint One Endpoint",
"version": {
"version_data": [
{
"version_value": "Versions 19.04 through 19.08"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2019-6144",
"datePublished": "2019-10-23T18:57:51",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27609 (GCVE-0-2022-27609)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2024-08-03 05:32
VLAI?
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it.
Severity ?
6 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | One Endpoint |
Unaffected:
22.01 , < unspecified
(custom)
|
Credits
Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Microsoft Windows"
],
"product": "One Endpoint",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "22.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T19:24:14",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2022-27609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One Endpoint",
"version": {
"version_data": [
{
"platform": "Microsoft Windows",
"version_affected": "!\u003e=",
"version_value": "22.01"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27609.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2022-27609",
"datePublished": "2022-04-04T19:45:38",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27608 (GCVE-0-2022-27608)
Vulnerability from nvd – Published: 2022-04-04 19:45 – Updated: 2024-08-03 05:32
VLAI?
Summary
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it.
Severity ?
6 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Forcepoint | One Endpoint |
Unaffected:
22.01 , < unspecified
(custom)
|
Credits
Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Microsoft Windows"
],
"product": "One Endpoint",
"vendor": "Forcepoint",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "22.01",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-04T19:45:36",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2022-27608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One Endpoint",
"version": {
"version_data": [
{
"platform": "Microsoft Windows",
"version_affected": "!\u003e=",
"version_value": "22.01"
}
]
}
}
]
},
"vendor_name": "Forcepoint"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Forcepoint would like to thank mr.d0x - @mrd0x for discovering and working with us to responsibly disclose this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html",
"refsource": "MISC",
"url": "https://help.forcepoint.com/security/CVE/CVE-2022-27608.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade Forcepoint One Endpoint to version 22.01 or later."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2022-27608",
"datePublished": "2022-04-04T19:45:36",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6144 (GCVE-0-2019-6144)
Vulnerability from nvd – Published: 2019-10-23 18:57 – Updated: 2024-08-04 20:16
VLAI?
Summary
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Forcepoint One Endpoint |
Affected:
Versions 19.04 through 19.08
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Forcepoint One Endpoint",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 19.04 through 19.08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-10T17:05:08",
"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"shortName": "forcepoint"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@forcepoint.com",
"ID": "CVE-2019-6144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Forcepoint One Endpoint",
"version": {
"version_data": [
{
"version_value": "Versions 19.04 through 19.08"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html",
"refsource": "CONFIRM",
"url": "https://help.forcepoint.com/security/CVE/CVE-2019-6144.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2",
"assignerShortName": "forcepoint",
"cveId": "CVE-2019-6144",
"datePublished": "2019-10-23T18:57:51",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}