Skip to main content

Enterprise Protection

9 CVEs product

Monthly

CVE-2024-10635 MEDIUM This Month

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-5770 MEDIUM This Month

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-5771 MEDIUM This Month

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0090 CRITICAL Act Now

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0089 HIGH This Week

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-46334 HIGH This Week

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Protection
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46333 HIGH This Week

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection Enterprise Protection
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-46332 CRITICAL Act Now

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2021-39304 HIGH This Week

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD
CVSS 3.1
7.5
EPSS
1.0%
EPSS 0% CVSS 6.1
MEDIUM This Month

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Protection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection +1
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Protection
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy