CVE-2018-16529
CRITICAL
Forcepoint Email Security 8.5.0-8.5.2 - Weak Password Recovery Mechanism
Title source: llm
Description
A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password.
References (2)
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2018/Nov/23
Vendor Advisory x_refsource_confirm
https://help.forcepoint.com/security/CVE/CVE-2018-16529.html
Scores
CVSS v3: 9.8
EPSS: 0.0156
EPSS Percentile: 71.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-640
Status: published
Products (1)
forcepoint/email_security: 8.5.0 - 8.5.3
Published: Mar 28, 2019
Tracked Since: Feb 18, 2026