Lucene search
K
ProofpointEnterprise Protection*

5 matches found

CVE
CVE
added 2023/11/06 8:6 p.m.105 views

CVE-2023-5771

Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...

6.1CVSS6AI score0.00342EPSS
CVE
CVE
added 2023/03/08 12:27 a.m.74 views

CVE-2023-0090

Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...

9.8CVSS9.7AI score0.00738EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.63 views

CVE-2021-31608

CVE-2021-31608 affects Proofpoint Enterprise Protection prior to 18.8.0 and enables bypass of a security control. The available documents state the impact as a bypass but do not provide root-cause details, exploit steps, or a confirmed fix/version, and the exploitation status is not specified. CV...

4.3CVSS4.6AI score0.00416EPSS
CVE
CVE
added 2023/03/08 12:27 a.m.61 views

CVE-2023-0089

CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...

8.8CVSS8.8AI score0.00733EPSS
Web
CVE
CVE
added 2021/05/07 11:33 a.m.46 views

CVE-2020-14009

Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...

6.8CVSS6.2AI score0.00316EPSS