Proofpoint Enterprise Protection Endpoint Vulnerable to Improper Input Validation Attacks

CVE-2024-3676
7.5HIGH

Key Information

Vendor
Proofpoint
Status
Enterprise Protection
Vendor
CVE Published:
14 May 2024

Summary

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator.

Affected Version(s)

Enterprise Protection <= 8.18.6

Enterprise Protection < 8.18.6

Enterprise Protection < 8.20.0

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.