CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-3676
https://notcve.org/view.php?id=CVE-2024-3676
14 May 2024 — The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator. El endpoint de Proofpoint Encryption de Proofpoint Enterprise Protection contiene una vulnerabilidad de validación de... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0862
https://notcve.org/view.php?id=CVE-2024-0862
14 May 2024 — The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses. El endpoint de Proofpoint Encryption de Proofpoint Enterprise Protection contiene una vulnerabilidad de Server Side Request Forgery que permite a un usuario autenticado transmitir solicitudes HTTP desde el servidor de Protection a direcciones de red que de otro mo... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5770 – HTML injection in email body through email subject
https://notcve.org/view.php?id=CVE-2023-5770
09 Jan 2024 — Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions. Proofpoint Enterprise ... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009 • CWE-838: Inappropriate Encoding for Output Context •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5771 – HTML injection in AdminUI through email subject
https://notcve.org/view.php?id=CVE-2023-5771
06 Nov 2023 — Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. Proofpoint Enterprise Protection contiene una vulnerabilidad XSS almacenada en AdminUI. Un atacante no autenticado puede enviar un correo ele... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0090 – Proofpoint Enterprise Protection webservices unauthenticated RCE
https://notcve.org/view.php?id=CVE-2023-0090
08 Mar 2023 — The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-0089 – Proofpoint Enterprise Protection webutils authenticated RCE
https://notcve.org/view.php?id=CVE-2023-0089
08 Mar 2023 — The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. • https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31608
https://notcve.org/view.php?id=CVE-2021-31608
17 Nov 2022 — Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. Proofpoint Enterprise Protection anterior a 18.8.0 permite omitir un control de seguridad. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0011 •