PT-2019-17975 · Forcepoint · Forcepoint User Id

Published

2019-02-07

Updated

2022-04-18

CVE-2019-6139

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Forcepoint User ID (FUID) versions up to 1.2

Description The issue allows for remote arbitrary file upload on TCP port 5001, which may lead to remote code execution.

Recommendations For FUID versions up to 1.2, upgrade to FUID version 1.3 or higher. As a temporary workaround for FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2019-6139

Affected Products

Forcepoint User Id

PT-2019-17975 · Forcepoint · Forcepoint User Id

CVE-2019-6139

Weakness Enumeration

Related Identifiers

Affected Products

References · 3