CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5771 – HTML injection in AdminUI through email subject
https://notcve.org/view.php?id=CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. Proofpoint Enterprise Protection contiene una vulnerabilidad XSS almacenada en AdminUI. Un atacante no autenticado puede enviar un correo electrónico especialmente manipulado con HTML en el asunto que activa XSS al ver mensajes en cuarentena. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0090 – Proofpoint Enterprise Protection webservices unauthenticated RCE
https://notcve.org/view.php?id=CVE-2023-0090
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0089 – Proofpoint Enterprise Protection webutils authenticated RCE
https://notcve.org/view.php?id=CVE-2023-0089
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46334 – Proofpoint Enterprise Protection Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-46334
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. Proofpoint Enterprise Protection (PPS/PoD) contiene una vulnerabilidad que permite al usuario de pps escalar a privilegios de root debido a permisos innecesarios. Esto afecta a todas las versiones 8.19.0 y anteriores. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0004 • CWE-269: Improper Privilege Management •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46333 – Proofpoint Enterprise Protection perl eval() arbitrary command execution
https://notcve.org/view.php?id=CVE-2022-46333
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. La interfaz de usuario administrador en Proofpoint Enterprise Protection (PPS/PoD) contiene una vulnerabilidad de inyección de comandos que permite a un administrador ejecutar comandos más allá de su alcance permitido. Esto afecta a todas las versiones 8.19.0 y anteriores. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003 • CWE-94: Improper Control of Generation of Code ('Code Injection') •