How severe is CVE-2022-1700?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-1700?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2022-1700 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022.

Related Vulnerabilities

CVE-2013-4334

CRITICAL

CVSS:9.8(Critical)

opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities

CWE-6112013

CVE-2014-0030

CRITICAL

CVSS:9.8(Critical)

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112014

CVE-2014-125087

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference....

CWE-6112014

CVE-2014-2052

CRITICAL

CVSS:9.8(Critical)

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Ex...

CWE-6112014

CVE-2014-3005

CRITICAL

CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or poten...

CWE-6112014

CVE-2014-3244

CRITICAL

CVSS:9.8(Critical)

XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in a...

CWE-6112014