Vulnerabilites related to Proofpoint - Enterprise Protection
CVE-2024-3676 (GCVE-0-2024-3676)
Vulnerability from cvelistv5
Published
2024-05-14 19:07
Modified
2024-08-01 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Proofpoint | Enterprise Protection |
Version: 8.18.6 ≤ Version: 8.20.0 ≤ Version: 8.20.2 ≤ Version: 8.20.4 ≤ Version: 8.21.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4868",
"status": "affected",
"version": "8.18.6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4869 ",
"status": "affected",
"version": "8.20.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4870",
"status": "affected",
"version": "8.20.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4871",
"status": "affected",
"version": "8.20.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4872",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T17:49:37.326859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:16.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:19:59.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u0026nbsp; These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u00a0 These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:19.420Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-3676",
"datePublished": "2024-05-14T19:07:19.420Z",
"dateReserved": "2024-04-11T20:00:59.260Z",
"dateUpdated": "2024-08-01T20:19:59.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0431 (GCVE-0-2025-0431)
Vulnerability from cvelistv5
Published
2025-03-19 16:18
Modified
2025-03-19 17:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-790 - Improper Filtering of Special Elements
Summary
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Proofpoint | Enterprise Protection |
Version: 8.18.6 ≤ Version: 8.20.6 ≤ Version: 8.21.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:37:58.453989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:38:26.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 5113",
"status": "unaffected"
}
],
"lessThan": "patch 5113",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5114",
"status": "unaffected"
}
],
"lessThan": "patch 5114",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5115",
"status": "unaffected"
}
],
"lessThan": "patch 5115",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T16:18:23.793Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection Backslash URL Rewrite Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2025-0431",
"datePublished": "2025-03-19T16:18:23.793Z",
"dateReserved": "2025-01-13T19:25:35.786Z",
"dateUpdated": "2025-03-19T17:38:26.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10635 (GCVE-0-2024-10635)
Vulnerability from cvelistv5
Published
2025-04-28 20:36
Modified
2025-04-28 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Proofpoint | Enterprise Protection |
Version: 8.18.6 ≤ Version: 8.20.6 ≤ Version: 8.21.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T22:28:30.982413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T22:28:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 5110",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 5134",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 5112",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T20:36:43.320Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-10635",
"datePublished": "2025-04-28T20:36:43.320Z",
"dateReserved": "2024-10-31T18:23:56.308Z",
"dateUpdated": "2025-04-28T22:28:39.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0862 (GCVE-0-2024-0862)
Vulnerability from cvelistv5
Published
2024-05-14 19:07
Modified
2024-08-20 18:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Proofpoint | Enterprise Protection |
Version: 8.18.6 ≤ Version: 8.20.0 ≤ Version: 8.20.2 ≤ Version: 8.20.4 ≤ Version: 8.21.0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T18:41:43.323594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T18:43:47.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:04.897Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-0862",
"datePublished": "2024-05-14T19:07:04.897Z",
"dateReserved": "2024-01-24T16:42:03.799Z",
"dateUpdated": "2024-08-20T18:43:47.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}