Email security
This hub aggregates every CVE we track for Email security, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
18
CVEs tracked
6
Critical
5
High
5
In CISA KEV
Severity distribution
MEDIUM7CRITICAL6HIGH5
Monthly trend
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Email security.
- CVE-2024-9103Persistent XSS in blocked messages6.1
- CVE-2024-2166Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects E...8.8
- CVE-2024-22398An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to c...4.9
- CVE-2022-1700Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), ...7.5
- CVE-2020-36519Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofe...4.9
- CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9
- CVE-2021-45046Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attackKEV9.0
- CVE-2021-44228Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpointsKEV10.0
- CVE-2021-20023SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host.KEV4.9
- CVE-2021-20022SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.KEV7.2
- CVE-2021-20021A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.KEV9.8
- CVE-2020-6590Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.7.5
- CVE-2021-3450CA certificate check bypass with X509_V_FLAG_X509_STRICT7.4
- CVE-2019-6142It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.6.1
- CVE-2019-6140A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed.9.8
Product normalization is registry-driven with AI assist and human review. How it works