Forcepoint · Forcepoint Web Security Content Gateway · CVE-2022-1700
**Name of the Vulnerable Software and Affected Versions**
Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2
Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2
Forcepoint Web Security Content Gateway versions prior to 8.5.5
Forcepoint Email Security with DLP enabled versions prior to 8.5.5
Forcepoint Cloud Security Gateway prior to June 20, 2022
**Description**
The issue is an Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine. The XML parser was improperly configured to support external entities and external DTDs (Document Type Definitions), which can lead to an XXE attack.
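The misconfiguration described above is closed on the parser side by refusing DTDs and entity declarations outright. The following is an added example, not Forcepoint's code (the Policy Engine's implementation is not shown on this page); it uses Python's standard expat bindings, and the function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document uses a construct this parser is configured to refuse."""


def parse_hardened(data):
    """Return the element names in `data`, refusing DTDs and entity declarations."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE refused (system id: {sysid!r})")

    def refuse_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML(f"entity declaration refused: {name!r}")

    def refuse_external_ref(context, base, sysid, pubid):
        raise ForbiddenXML(f"external entity reference refused: {sysid!r}")

    # Reject at the declaration, before any entity can be defined or resolved.
    # The two entity handlers are defense in depth behind the DOCTYPE refusal.
    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.EntityDeclHandler = refuse_entity_decl
    parser.ExternalEntityRefHandler = refuse_external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)
    return names


# Constructed sample documents (placeholder identifiers only, nothing is fetched).
BENIGN = b"<policy><rule id='1'/></policy>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE policy [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
                   b"<policy>&ext;</policy>")
EXTERNAL_DTD = b'<!DOCTYPE policy SYSTEM "http://dtd.example.invalid/policy.dtd"><policy/>'


def verdict(data):
    """Map a document to 'accepted' or the reason it was refused."""
    try:
        parse_hardened(data)
        return "accepted"
    except ForbiddenXML as exc:
        return f"refused: {exc}"


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
                       ("external DTD", EXTERNAL_DTD)]:
        print(f"{label}: {verdict(doc)}")
```

Refusing the DOCTYPE entirely is stricter than disabling external resolution alone; it also rejects documents that legitimately carry an internal DTD, so confirm that no expected input relies on one.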
**Recommendations**
For Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2, update to version 8.8.2 or later.
For Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2, update the Policy Engine to version 8.8.2 or later.
For Forcepoint Web Security Content Gateway versions prior to 8.5.5, update to version 8.5.5 or later.
For Forcepoint Email Security with DLP enabled versions prior to 8.5.5, update to version 8.5.5 or later.
For Forcepoint Cloud Security Gateway prior to June 20, 2022, ensure that updates after June 20, 2022, are applied.