CVE-2018-16529

CRITICAL

Forcepoint Email Security < 8.5.3 - Password Reset Weakness

Title source: rule

Description

A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.

References (2)

[Exploit, Mailing List, Third Party Advisory] https://seclists.org/fulldisclosure/2018/Nov/23

[Vendor Advisory] https://help.forcepoint.com/security/CVE/CVE-2018-16529.html

Scores

CVSS v3 9.8

EPSS 0.0036

EPSS Percentile 58.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (1)

forcepoint/email_security 8.5.0 - 8.5.3

Published Mar 28, 2019

Tracked Since Feb 18, 2026