Enterprise Protection@* Security Vulnerabilities and Issues — Enterprise Protection@* CVE List

Lucene search

ProofpointEnterprise Protection*

10 matches found

CVE•added 2023/11/06 9:15 p.m.•91 views

CVE-2023-5771

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before ...

6.1CVSS6AI score0.00152EPSS

CVE•added 2022/12/06 8:15 p.m.•77 views

CVE-2022-46332

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.

9.6CVSS8.9AI score0.00535EPSS

CVE•added 2022/11/17 10:15 p.m.•53 views

CVE-2021-31608

Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.

4.3CVSS4.6AI score0.00095EPSS

CVE•added 2022/12/21 9:15 p.m.•52 views

CVE-2022-46334

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.

7.8CVSS7.7AI score0.00044EPSS

CVE•added 2022/12/06 8:15 p.m.•51 views

CVE-2022-46333

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.

7.2CVSS7.2AI score0.00325EPSS

CVE•added 2023/03/08 1:15 a.m.•50 views

CVE-2023-0090

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all ver...

9.8CVSS9.7AI score0.00292EPSS

CVE•added 2020/01/13 9:15 p.m.•45 views

CVE-2019-19680

A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitte...

8.8CVSS8.5AI score0.00353EPSS

CVE•added 2023/03/08 1:15 a.m.•40 views

CVE-2023-0089

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.

8.8CVSS8.8AI score0.00304EPSS

CVE•added 2021/10/13 3:15 p.m.•36 views

CVE-2021-39304

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.

7.5CVSS7.5AI score0.00408EPSS

CVE•added 2021/05/07 12:15 p.m.•31 views

CVE-2020-14009

Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipa...

6.8CVSS6.2AI score0.00089EPSS