CVE-2023-5770
Published 2024-01-09
Priority: P4, 28
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.34% (25.9th percentile)
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery. This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proofpoint | enterprise_protection | — | — |
| proofpoint | enterprise_protection | — | — |
| proofpoint | enterprise_protection | — | — |
| proofpoint | proofpoint_enterprise_protection | >= 8.0 < 8.18.6 | 8.18.6 |
| proofpoint | proofpoint_enterprise_protection | >= 8.18.6 < patch 4804 | patch 4804 |
| proofpoint | proofpoint_enterprise_protection | >= 8.20.0 < patch 4805 | patch 4805 |
| proofpoint | proofpoint_enterprise_protection | >= 8.20.2 < patch 4809 | patch 4809 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.