CVE-2018-16529

Published: Mar 28, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.

Affected (1)

Products: Forcepoint: Email Security

Forcepoint

1 product

Email Security

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Forcepoint Email Security	From 8.5.0 to 8.5.3

Related CWEs

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

https://help.forcepoint.com/security/CVE/CVE-2018-16529.html

Source: psirt@forcepoint.com

Vendor Advisory

https://seclists.org/fulldisclosure/2018/Nov/23

Source: psirt@forcepoint.com

ExploitMailing ListThird Party Advisory

https://help.forcepoint.com/security/CVE/CVE-2018-16529.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://seclists.org/fulldisclosure/2018/Nov/23

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.