{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2080", "assignerOrgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2", "state": "PUBLISHED", "assignerShortName": "forcepoint", "dateReserved": "2023-04-14T19:12:38.266Z", "datePublished": "2023-06-15T22:18:58.058Z", "dateUpdated": "2023-06-15T22:18:58.058Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Portal", "platforms": ["Web Cloud Security Gateway", "Email Security Cloud"], "product": "Cloud Security Gateway (CSG) ", "vendor": "Forcepoint", "versions": [{"status": "unaffected", "version": "TBD"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "CAPEC-7 Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e23ea22c-8c39-4eff-8980-2881e5ae54e2", "shortName": "forcepoint", "dateUpdated": "2023-06-15T22:18:58.058Z"}, "references": [{"url": "https://support.forcepoint.com/s/article/000041871"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9DD17A1-E6F8-4ED5-9566-C5C3A62EFCDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*", "matchCriteriaId": "66F97068-979A-4D45-B2C6-A98FF1887EED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."}], "id": "CVE-2023-2080", "lastModified": "2023-06-30T16:39:02.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "psirt@forcepoint.com", "type": "Secondary"}]}, "published": "2023-06-15T23:15:09.020", "references": [{"source": "psirt@forcepoint.com", "tags": ["Vendor Advisory"], "url": "https://support.forcepoint.com/s/article/000041871"}], "sourceIdentifier": "psirt@forcepoint.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "psirt@forcepoint.com", "type": "Secondary"}]}

{}