diff --git a/2022/1xxx/CVE-2022-1700.json b/2022/1xxx/CVE-2022-1700.json
index af67ddabb03..608f39a20c0 100644
--- a/2022/1xxx/CVE-2022-1700.json
+++ b/2022/1xxx/CVE-2022-1700.json
@@ -1,18 +1,146 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "psirt@forcepoint.com",
 "ID": "CVE-2022-1700",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Data Loss Prevention (DLP)",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.8.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "One Endpoint (F1E) with Policy Engine",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.8.2"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Web Security Content Gateway",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.5.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Email Security with DLP enabled",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "8.5.5"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Cloud Security Gateway ",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to June 20, 2022"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Forcepoint"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Forcepoint would like to thank Kaushik Joshi and Keval Shah from iAppSecure Solutions Pvt Ltd. for discovering and working with us to responsibly disclose this vulnerability."
+ }
+ ],
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022."
 }
 ]
- }
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.9"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-611 Improper Restriction of XML External Entity Reference ('XXE')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html",
+ "name": "https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
+ }
+ ]
+ },
+ "solution": [
+ {
+ "lang": "eng",
+ "value": "Upgrade to the following versions:\nForcepoint Data Loss Prevention (DLP) versions 8.8.2 or above.\nForcepoint One Endpoint (F1E) with Policy Engine versions 8.8.2 or above.\nForcepoint Web Security Content 
Gateway versions 8.5.5 or above.\nForcepoint Email Security with DLP enabled versions 8.5.5 or above."
+ }
+ ],
+ "source": {
+ "discovery": "EXTERNAL"
+ },
+ "work_around": [
+ {
+ "lang": "eng",
+ "value": "See https://help.forcepoint.com/security/CVE/CVE-2022-1700.html"
+ }
+ ]
 }
\ No newline at end of file
diff --git a/2022/31xxx/CVE-2022-31220.json b/2022/31xxx/CVE-2022-31220.json
index 5e5df1ef869..9e0b4a8affc 100644
--- a/2022/31xxx/CVE-2022-31220.json
+++ b/2022/31xxx/CVE-2022-31220.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31221.json b/2022/31xxx/CVE-2022-31221.json
index b40aa8ab9f8..23a868e67f9 100644
--- a/2022/31xxx/CVE-2022-31221.json
+++ b/2022/31xxx/CVE-2022-31221.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31222.json b/2022/31xxx/CVE-2022-31222.json
index 0df35207579..d44e11f741c 100644
--- a/2022/31xxx/CVE-2022-31222.json
+++ b/2022/31xxx/CVE-2022-31222.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31223.json b/2022/31xxx/CVE-2022-31223.json
index bdbe4228445..fcd622aafe1 100644
--- a/2022/31xxx/CVE-2022-31223.json
+++ b/2022/31xxx/CVE-2022-31223.json
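Review bot: In the new CVE-2022-1700.json record, the `affects` entry for Cloud Security Gateway cannot be matched reliably by tooling. Its `"product_name": "Cloud Security Gateway "` ends in a trailing space, and its `version_data` item has no `version_affected` operator, only the free-text `"version_value": "prior to June 20, 2022"`. Consumers that compare product names exactly or evaluate the `<` ranges used by the other four products will probably skip this one, so I would trim the name to `"product_name": "Cloud Security Gateway"` and give the entry an explicit operator like its siblings, keeping the date wording in the description. The `solution` text lists upgrade targets for four products only and `work_around` just repeats the advisory URL, so the record does not say whether Cloud Security Gateway customers need to act; one sentence in `solution` covering that product would close the gap.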
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31224.json b/2022/31xxx/CVE-2022-31224.json
index f483eabd01e..66ed9d56653 100644
--- a/2022/31xxx/CVE-2022-31224.json
+++ b/2022/31xxx/CVE-2022-31224.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31225.json b/2022/31xxx/CVE-2022-31225.json
index c666e4f56d1..0108c305d63 100644
--- a/2022/31xxx/CVE-2022-31225.json
+++ b/2022/31xxx/CVE-2022-31225.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/31xxx/CVE-2022-31226.json b/2022/31xxx/CVE-2022-31226.json
index bd1b71d6f78..f7554c60f98 100644
--- a/2022/31xxx/CVE-2022-31226.json
+++ b/2022/31xxx/CVE-2022-31226.json
@@ -63,8 +63,9 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://www.dell.com/support/kbdoc/000202196"
+ "refsource": "MISC",
+ "url": "https://www.dell.com/support/kbdoc/000202196",
+ "name": "https://www.dell.com/support/kbdoc/000202196"
 }
 ]
 }
diff --git a/2022/32xxx/CVE-2022-32894.json b/2022/32xxx/CVE-2022-32894.json
index 4b163b5ae28..0d02b600b0f 100644
--- a/2022/32xxx/CVE-2022-32894.json
+++ b/2022/32xxx/CVE-2022-32894.json
@@ -70,6 +70,11 @@
 "refsource": "FULLDISC",
 "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
 "url": "http://seclists.org/fulldisclosure/2022/Aug/16"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.apple.com/kb/HT213443",
+ "url": "https://support.apple.com/kb/HT213443"
 }
 ]
 },