CVE-2022-1700 Forcepoint Data Loss Prevention and F1E, Web Security Content Gateway, and Email Security with DLP are vulnerable to the XXE vulnerability.
For this issue, the complete version numbers of the products are as follows: Forcepoint Data Loss Prevention (DLP) - 8.8.2, 8.8.1 Forcepoint One Endpoint (F1E) - 8.8.2, 8.8.1 Forcepoint Web Security Content Gateway - 8.5.5, 8.5.3 Forcepoint Email Security with DLP enabled - 8.5.5, 8.5.3 Forcepoint Cloud Security Gateway - Prior to June 20, 2022. What to do If you are using Forcepoint data loss prevention (DLP) - policy engine version before 8.8.2, version 8.8.2 is a mandatory patch. For Forcepoint One Endpoint (F1E) - policy engine version before 8.8.2, version 8.8.2 is a mandatory patch. For Forcepoint Web Security Content Gateway - policy engine version before 8.5.5, version 8.5.5 is a mandatory patch. For Forcepoint Email Security with DLP enabled - policy engine version before 8.5.5, version 8.5.5 is a mandatory patch. For Forcepoint Cloud Security Gateway - prior to June 20, 2022.
What is Forcepoint Data Loss Prevention?
Forcepoint Data Loss Prevention (DLP) is a proprietary security solution that helps organizations achieve compliance with regulatory mandates.
The product provides visibility into sensitive data, including email, endpoint communications and web traffic. Got that? Now you're ready to patch your systems!
Forcepoint Data Loss Prevention (DLP) - 8.8.2
, 8.8.1
For this issue, the complete version numbers of the products are as follows: Forcepoint Data Loss Prevention (DLP) - 8.8.2, 8.8.1 Forcepoint One Endpoint (F1E) - 8.8.2, 8.8.1 Forcepoint Web Security Content Gateway - 8.5.5, 8.5.3 Forcepoint Email Security with DLP enabled - 8.5.5, 8.5.3 Forcepoint Cloud Security Gateway - Prior to June 20, 2022
If you are using Forcepoint data loss prevention (DLP) - policy engine version before 8.8.2, version 8.8.2 is a mandatory patch
For Forcepoint One Endpoint (F1E) - policy engine version before 8
For Forcepoint Web Security Content Gateway - policy engine version before 8
For Forcepoint Email Security with DLP enabled - policy engine version before
For ForcePoint Cloud Security Gateway- prior to June 20, 2022
Timeline
Published on: 09/12/2022 19:15:00 UTC
Last modified on: 09/15/2022 18:05:00 UTC