CVE-2024-3676
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
El endpoint de Proofpoint Encryption de Proofpoint Enterprise Protection contiene una vulnerabilidad de validación de entrada incorrecta que permite a un atacante remoto no autenticado con una solicitud HTTP especialmente manipulada crear cuentas de usuario de cifrado adicionales bajo el control del atacante. Estas cuentas pueden enviar correos electrónicos falsificados a cualquier usuario dentro de los dominios configurados por el administrador.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-11 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Proofpoint Search vendor "Proofpoint" | Enterprise Protection Search vendor "Proofpoint" for product "Enterprise Protection" | >= 8.18.6 < patch 4868 Search vendor "Proofpoint" for product "Enterprise Protection" and version " >= 8.18.6 < patch 4868" | en |
Affected
| ||||||
Proofpoint Search vendor "Proofpoint" | Enterprise Protection Search vendor "Proofpoint" for product "Enterprise Protection" | >= 8.20.0 < patch 4869 Search vendor "Proofpoint" for product "Enterprise Protection" and version " >= 8.20.0 < patch 4869" | en |
Affected
| ||||||
Proofpoint Search vendor "Proofpoint" | Enterprise Protection Search vendor "Proofpoint" for product "Enterprise Protection" | >= 8.20.2 < patch 4870 Search vendor "Proofpoint" for product "Enterprise Protection" and version " >= 8.20.2 < patch 4870" | en |
Affected
| ||||||
Proofpoint Search vendor "Proofpoint" | Enterprise Protection Search vendor "Proofpoint" for product "Enterprise Protection" | >= 8.20.4 < patch 4871 Search vendor "Proofpoint" for product "Enterprise Protection" and version " >= 8.20.4 < patch 4871" | en |
Affected
| ||||||
Proofpoint Search vendor "Proofpoint" | Enterprise Protection Search vendor "Proofpoint" for product "Enterprise Protection" | >= 8.21.0 < patch 4871 Search vendor "Proofpoint" for product "Enterprise Protection" and version " >= 8.21.0 < patch 4871" | en |
Affected
|