- Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.
- Source
- psirt@forcepoint.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9DD17A1-E6F8-4ED5-9566-C5C3A62EFCDE"
},
{
"criteria": "cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66F97068-979A-4D45-B2C6-A98FF1887EED"
}
],
"operator": "OR"
}
]
}
]