Lucene search
K
ProofpointEnterprise Protection

12 matches found

CVE
CVE
added 2023/11/06 8:6 p.m.104 views

CVE-2023-5771

Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...

6.1CVSS6AI score0.00342EPSS
CVE
CVE
added 2022/12/06 7:52 p.m.89 views

CVE-2022-46332

CVE-2022-46332 affects Proofpoint Enterprise Protection (PPS/PoD) with a stored cross-site scripting (XSS) vulnerability in the Admin Smart Search feature. Exploitation requires user interaction and anonymous access, enabling an attacker to gain admin privileges within the UI. Affected versions: ...

9.6CVSS8.9AI score0.00612EPSS
Web
CVE
CVE
added 2025/04/28 8:36 p.m.84 views

CVE-2024-10635

Proofpoint Enterprise Protection’s Attachment Defense has an improper input validation vulnerability in S/MIME attachment handling that allows an unauthenticated remote attacker to bypass attachment scanning by sending a malicious S/MIME attachment with an opaque signature. When opened by a recip...

6.1CVSS6.2AI score0.00246EPSS
CVE
CVE
added 2023/03/08 12:27 a.m.72 views

CVE-2023-0090

Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...

9.8CVSS9.7AI score0.00738EPSS
CVE
CVE
added 2022/12/06 7:52 p.m.69 views

CVE-2022-46333

CVE-2022-46333 affects Proofpoint Enterprise Protection (PPS/PoD) where the admin UI contains a command injection vulnerability allowing an admin to execute commands beyond their scope. Affected versions are 8.19.0 and earlier. The underlying issue is a command execution path in the admin interfa...

7.2CVSS7.2AI score0.01468EPSS
Web
CVE
CVE
added 2022/12/21 8:5 p.m.68 views

CVE-2022-46334

CVE-2022-46334 affects Proofpoint Enterprise Protection (PPS/PoD) up to version 8.19.0. The issue allows the local pps user to escalate to root privileges due to unnecessary permissions. Impact is local privilege escalation with high severity (CVSS 3.1: 7.8). Remediation: upgrade to a version new...

7.8CVSS7.7AI score0.00165EPSS
Web
CVE
CVE
added 2022/11/17 12:0 a.m.63 views

CVE-2021-31608

CVE-2021-31608 affects Proofpoint Enterprise Protection prior to 18.8.0 and enables bypass of a security control. The available documents state the impact as a bypass but do not provide root-cause details, exploit steps, or a confirmed fix/version, and the exploitation status is not specified. CV...

4.3CVSS4.6AI score0.00416EPSS
CVE
CVE
added 2020/01/13 8:6 p.m.60 views

CVE-2019-19680

CVE-2019-19680 concerns a file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD). Unpatched PPS versions up to 8.9.22 and 8.14.2 are affected. The issue allows bypassing protection mechanisms related to extensions, MIME types, virus detection, and journal entries f...

8.8CVSS8.5AI score0.01053EPSS
CVE
CVE
added 2024/01/09 10:2 p.m.58 views

CVE-2023-5770

The CVE-2023-5770 issue affects Proofpoint Enterprise Protection’s email delivery agent. The vulnerability arises from inappropriate encoding when rewriting emails before delivery, allowing an unauthenticated attacker to inject improperly encoded HTML into the email body via the subject. Affected...

5.4CVSS5.4AI score0.0034EPSS
CVE
CVE
added 2023/03/08 12:27 a.m.56 views

CVE-2023-0089

CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...

8.8CVSS8.8AI score0.00733EPSS
Web
CVE
CVE
added 2021/10/13 2:34 p.m.48 views

CVE-2021-39304

CVE-2021-39304 affects Proofpoint Enterprise Protection prior to version 8.12.0-2108090000, where a security control bypass enables bypassing protection controls. The connected Red Hat and CVE records reiterate the same description: Proofpoint Enterprise Protection before 8.12.0-2108090000 allows...

7.5CVSS7.5AI score0.00981EPSS
CVE
CVE
added 2021/05/07 11:33 a.m.46 views

CVE-2020-14009

Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...

6.8CVSS6.2AI score0.00316EPSS