cbcvebase.
CVE-2024-3676
published 2024-05-14

CVE-2024-3676: The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated…

PriorityP347high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.36%
28.4th percentile
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.

Affected

5 ranges
VendorProductVersion rangeFixed in
proofpointenterprise_protection>= 8.18.6 < patch 4868patch 4868
proofpointenterprise_protection>= 8.20.0 < patch 4869patch 4869
proofpointenterprise_protection>= 8.20.2 < patch 4870patch 4870
proofpointenterprise_protection>= 8.20.4 < patch 4871patch 4871
proofpointenterprise_protection>= 8.21.0 < patch 4871patch 4871
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.