Proofpoint Enterprise Protection webutils authenticated RCE
CVE-2023-0089

8.8HIGH

Key Information:

Vendor: Proofpoint
Status: Enterprise Protection
Vendor: CVE Published:; 8 March 2023

Summary

The webutils component of Proofpoint Enterprise Protection is affected by a vulnerability that permits an authenticated user to leverage eval injection for remote code execution. This vulnerability affects all versions up to and including 8.20.0, potentially allowing malicious actions by users within the system.

Affected Version(s)

enterprise_protection 8.* <= 8.20.0

References

https://www.proofpoint.com/security/security-advisories/p...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2023
Vulnerability Reserved
Jan 5, 2023

Credit

ly1g3