Proofpoint Enterprise Protection Endpoint Vulnerable to Improper Input Validation Attacks

CVE-2024-3676

7.5HIGH

Key Information

Vendor: Proofpoint
Status: Enterprise Protection
Vendor: CVE Published:; 14 May 2024

Summary

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.

Affected Version(s)

Enterprise Protection <= 8.18.6

Enterprise Protection < 8.18.6

Enterprise Protection < 8.20.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Apr 11, 2024

Collectors

NVD DatabaseMitre Database