Proofpoint Enterprise Protection Endpoint Vulnerable to Improper Input Validation Attacks
CVE-2024-3676
7.5HIGH
Key Information
- Vendor
- Proofpoint
- Status
- Enterprise Protection
- Vendor
- CVE Published:
- 14 May 2024
Summary
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Affected Version(s)
Enterprise Protection <= 8.18.6
Enterprise Protection < 8.18.6
Enterprise Protection < 8.20.0
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database