Security Advisory: DLP and Web Security Endpoint Authentication Bypass Vulnerability (CVE-2019-6144)

Summary

This article describes the DLP and Web Security Endpoint Authentication Bypass Vulnerability (CVE-2019-6144) and its potential effect on Forcepoint products.

Information

CVE numbers:
CVE-2019-6144

Security Advisory summary
The Forcepoint Product Security Incident Response Team (PSIRT) has investigated the following security vulnerability and its impact on Forcepoint products, and has implemented a resolution. 

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. 

Products affected

• Forcepoint One Endpoint

Resolution

Resolution
This vulnerability has been resolved as of the Forcepoint One Endpoint (F1E) interim release, version 19.09.4219, available through Forcepoint Support, and with the release of version 19.10, made publicly available on November 4, 2019.

Forcepoint recommends upgrading to the latest supported version of Forcepoint One Endpoint when possible from the Downloads page.