Security Advisory: XSS Vulnerability in Forcepoint Email Security (CVE-2019-6142)

Summary

This security advisory describes the cross-site scripting (XSS) vulnerability CVE-2019-6142 and its potential effect on Forcepoint products.

Information

Forcepoint would like to thank Jacek Lipkowski (SQ5BPF) for helping to resolve this issue.

Published date: October 21, 2019
Last update: August 26, 2020
Security advisory status: Published
Security advisory severity: Medium (CVSS 6.3)
CVE numbers: CVE-2019-6142

Security advisory summary
It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.

Affected products

  • Forcepoint Email Security
  • Forcepoint Email Security components on Forcepoint Security Manager

Not vulnerable
Assessments are underway.

Resolution

Workarounds
See below.

Hotfix and information about other fixes
Hotfixes are available for versions 8.5 and 8.5.3 of Forcepoint Email Security and Forcepoint Security Manager.

If you are using version 8.5, apply both of these hotfixes:

  • v8.5.0 HF008 for Windows
  • v8.5.0 HF008 for Appliance

If you are using version 8.5.3, apply both of these hotfixes:

  • v8.5.3 HF006 for Windows
  • v8.5.3 HF006 for Appliance