This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Proofpoint First view 2022-11-17
Product Enterprise Protection Last view 2023-11-06
Version 8.18.6 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:proofpoint:enterprise_protection

Activity : Overall

Related : CVE

  Date Alert Description
6.1 2023-11-06 CVE-2023-5771

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.
7.8 2022-12-21 CVE-2022-46334

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
7.2 2022-12-06 CVE-2022-46333

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
9.6 2022-12-06 CVE-2022-46332

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.
4.3 2022-11-17 CVE-2021-31608

Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-269 Improper Privilege Management
25% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')