Lucene search

ProofpointCVELIST:CVE-2023-0089

HistoryMar 08, 2023 - 12:27 a.m.

CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE

2023-03-0800:27:25

CWE-95

Proofpoint

www.cve.org

proofpoint

enterprise protection

webutils

authenticated

rce

vulnerability

versions 8.20.0

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through ‘eval injection’.

This affects all versions 8.20.0 and below.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "enterprise_protection",
    "vendor": "proofpoint",
    "versions": [
      {
        "changes": [
          {
            "at": "8.20.0 patch 4570",
            "status": "unaffected"
          },
          {
            "at": "8.18.6 patch 4568",
            "status": "unaffected"
          },
          {
            "at": "8.18.4 patch 4567",
            "status": "unaffected"
          },
          {
            "at": "8.13.22 patch 4566",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "8.20.0",
        "status": "affected",
        "version": "8.*",
        "versionType": "semver"
      }
    ]
  }
]

References

www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.2%

JSON

Related for CVELIST:CVE-2023-0089