Improper Input Validation in Enterprise Protection by Proofpoint
CVE-2024-10635

5.3 MEDIUM

Key Information:

Vendor: Proofpoint
CVE Published: 28 April 2025

What is CVE-2024-10635?

Enterprise Protection by Proofpoint is affected by an improper input validation vulnerability in its attachment defense mechanism. This flaw allows an unauthenticated remote attacker to bypass established attachment scanning security policies by sending a malicious S/MIME attachment containing an opaque signature. If the recipient opens this malicious attachment in a downstream email client, it could lead to a partial loss of integrity and confidentiality within their system, potentially exposing sensitive information or facilitating further attacks.

Affected Version(s)

Enterprise Protection 8.18.6

Enterprise Protection 8.20.6

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
