Improper Input Validation in Enterprise Protection by Proofpoint
CVE-2024-10635

6.1MEDIUM

Key Information:

Vendor: Proofpoint
Status: Enterprise Protection
Vendor: CVE Published:; 28 April 2025

What is CVE-2024-10635?

Enterprise Protection by Proofpoint is affected by an improper input validation vulnerability in its attachment defense mechanism. This flaw allows an unauthenticated remote attacker to bypass established attachment scanning security policies by sending a malicious S/MIME attachment containing an opaque signature. If the recipient opens this malicious attachment in a downstream email client, it could lead to a partial loss of integrity and confidentiality within their system, potentially exposing sensitive information or facilitating further attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Enterprise Protection 8.18.6

Enterprise Protection 8.20.6

References

https://www.proofpoint.com/us/security/security-advisorie...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 28, 2025
Vulnerability Reserved
Oct 31, 2024

JSON

Proofpoint