Overview
- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
- Source
- psirt@forcepoint.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9DD17A1-E6F8-4ED5-9566-C5C3A62EFCDE"
},
{
"criteria": "cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66F97068-979A-4D45-B2C6-A98FF1887EED"
}
],
"operator": "OR"
}
]
}
]