CVE-2024-3676
published 2024-05-14CVE-2024-3676: The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated…
PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.36%
28.4th percentile
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| proofpoint | enterprise_protection | >= 8.18.6 < patch 4868 | patch 4868 |
| proofpoint | enterprise_protection | >= 8.20.0 < patch 4869 | patch 4869 |
| proofpoint | enterprise_protection | >= 8.20.2 < patch 4870 | patch 4870 |
| proofpoint | enterprise_protection | >= 8.20.4 < patch 4871 | patch 4871 |
| proofpoint | enterprise_protection | >= 8.21.0 < patch 4871 | patch 4871 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-05-14
Published