12 matches found
CVE-2023-5771
Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...
CVE-2022-46332
CVE-2022-46332 affects Proofpoint Enterprise Protection (PPS/PoD) with a stored cross-site scripting (XSS) vulnerability in the Admin Smart Search feature. Exploitation requires user interaction and anonymous access, enabling an attacker to gain admin privileges within the UI. Affected versions: ...
CVE-2024-10635
Proofpoint Enterprise Protection’s Attachment Defense has an improper input validation vulnerability in S/MIME attachment handling that allows an unauthenticated remote attacker to bypass attachment scanning by sending a malicious S/MIME attachment with an opaque signature. When opened by a recip...
CVE-2023-0090
Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...
CVE-2022-46333
CVE-2022-46333 affects Proofpoint Enterprise Protection (PPS/PoD) where the admin UI contains a command injection vulnerability allowing an admin to execute commands beyond their scope. Affected versions are 8.19.0 and earlier. The underlying issue is a command execution path in the admin interfa...
CVE-2022-46334
CVE-2022-46334 affects Proofpoint Enterprise Protection (PPS/PoD) up to version 8.19.0. The issue allows the local pps user to escalate to root privileges due to unnecessary permissions. Impact is local privilege escalation with high severity (CVSS 3.1: 7.8). Remediation: upgrade to a version new...
CVE-2021-31608
CVE-2021-31608 affects Proofpoint Enterprise Protection prior to 18.8.0 and enables bypass of a security control. The available documents state the impact as a bypass but do not provide root-cause details, exploit steps, or a confirmed fix/version, and the exploitation status is not specified. CV...
CVE-2019-19680
CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...
CVE-2023-5770
The CVE-2023-5770 issue affects Proofpoint Enterprise Protection’s email delivery agent. The vulnerability arises from inappropriate encoding when rewriting emails before delivery, allowing an unauthenticated attacker to inject improperly encoded HTML into the email body via the subject. Affected...
CVE-2023-0089
CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...
CVE-2021-39304
CVE-2021-39304 affects Proofpoint Enterprise Protection prior to version 8.12.0-2108090000, where a security control bypass enables bypassing protection controls. The connected Red Hat and CVE records reiterate the same description: Proofpoint Enterprise Protection before 8.12.0-2108090000 allows...
CVE-2020-14009
Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...