Proofpoint Enterprise Protection Vulnerable to Server-Side Request Forgery

CVE-2024-0862

5MEDIUM

Key Information

Vendor: Proofpoint
Status: Enterprise Protection
Vendor: CVE Published:; 14 May 2024

Summary

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.

Affected Version(s)

Enterprise Protection <= 8.18.6

Enterprise Protection < 8.18.6

Enterprise Protection < 8.20.0

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Jan 24, 2024

Collectors

NVD DatabaseMitre Database