CVE-2023-5770
published 2024-01-09


Priority: P4 (28)
CVSS 3.1: 5.4 (medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.34% (25.9th percentile)
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery. This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

Affected

7 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proofpoint | enterprise_protection | | |
| proofpoint | enterprise_protection | | |
| proofpoint | enterprise_protection | | |
| proofpoint | proofpoint_enterprise_protection | >= 8.0 < 8.18.6 | 8.18.6 |
| proofpoint | proofpoint_enterprise_protection | >= 8.18.6 < patch 4804 | patch 4804 |
| proofpoint | proofpoint_enterprise_protection | >= 8.20.0 < patch 4805 | patch 4805 |
| proofpoint | proofpoint_enterprise_protection | >= 8.20.2 < patch 4809 | patch 4809 |