{"api_version":"1","generated_at":"2026-04-23T04:33:42+00:00","cve":"CVE-2023-2080","urls":{"html":"https://cve.report/CVE-2023-2080","api":"https://cve.report/api/cve/CVE-2023-2080.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-2080","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-2080"},"summary":{"title":"CVE-2023-2080","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.","state":"PUBLIC","assigner":"psirt@forcepoint.com","published_at":"2023-06-15 23:15:00","updated_at":"2023-06-30 16:39:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://support.forcepoint.com/s/article/000041871","name":"https://support.forcepoint.com/s/article/000041871","refsource":"MISC","tags":[],"title":"Forcepoint Customer Hub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-2080","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2080","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"2080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"email_security","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"2080","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"web_security","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-2080","ASSIGNER":"psirt@forcepoint.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","cweId":"CWE-89"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Forcepoint","product":{"product_data":[{"product_name":"Cloud Security Gateway (CSG) ","version":{"version_data":[{"version_value":"not down converted","x_cve_json_5_version_data":{"versions":[{"status":"unaffected","version":"TBD"}],"defaultStatus":"unaffected"}}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.forcepoint.com/s/article/000041871","refsource":"MISC","name":"https://support.forcepoint.com/s/article/000041871"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-15 23:15:00","lastModifiedDate":"2023-06-30 16:39:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:web_security:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:email_security:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}