Lucene search

ProofpointCVE-2023-2819

HistoryJun 14, 2023 - 10:15 p.m.

CVE-2023-2819

2023-06-1422:15:09

CWE-79

Proofpoint

web.nvd.nist.gov

cve-2023-2819

proofpoint threat response

stored xss

cross-site scripting

admin context

security vulnerability

nvd

5.10.0

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type.  This could result in arbitrary javascript code execution in an admin context. All versions prior to 5.10.0 are affected.

Affected configurations

Nvd

Node

proofpointthreat_response_auto_pullRange<5.10.0

VendorProductVersionCPE
proofpointthreat_response_auto_pull*cpe:2.3:a:proofpoint:threat_response_auto_pull:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
proofpoint	threat_response_auto_pull	*	cpe:2.3:a:proofpoint:threat_response_auto_pull::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Threat Response Auto Pull",
    "vendor": "Proofpoint",
    "versions": [
      {
        "lessThan": "5.10.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0002