Proofpoint Enterprise Protection vulnerabilities
15 known vulnerabilities affecting proofpoint/enterprise_protection.
Total CVEs
15
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH6MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2023-0090P2CRITICALCVSS 9.8fixed in 8.13.22≥ 8.18.0, < 8.18.4+3 more2023-03-08
CVE-2023-0090 [CRITICAL] CWE-95 CVE-2023-0090: The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows fo
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.
nvd
CVE-2023-0089P3HIGHCVSS 8.8fixed in 8.13.22≥ 8.18.0, < 8.18.4+3 more2023-03-08
CVE-2023-0089 [HIGH] CWE-95 CVE-2023-0089: The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an a
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'.
This affects all versions 8.20.0 and below.
nvd
CVE-2024-3676P3HIGHCVSS 7.5≥ 8.18.6, < patch 4868≥ 8.20.0, < patch 4869+3 more2024-05-14
CVE-2024-3676 [HIGH] CWE-20 CVE-2024-3676: The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Va
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the do
nvd
CVE-2022-46333P3HIGHCVSS 7.2≤ 8.19.0≥ 8.*, ≤ 8.19.02022-12-06
CVE-2022-46333 [HIGH] CWE-94 CVE-2022-46333: The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
nvd
CVE-2022-46332P3CRITICALCVSS 9.6≤ 8.19.0≥ 8.*, ≤ 8.19.02022-12-06
CVE-2022-46332 [CRITICAL] CWE-79 CVE-2022-46332: The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.
nvd
CVE-2022-46334P3HIGHCVSS 7.8≤ 8.19.0≥ 8.*, ≤ 8.19.02022-12-21
CVE-2022-46334 [HIGH] CWE-269 CVE-2022-46334: Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to esc
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
nvd
CVE-2019-19680P3HIGHCVSS 8.8≤ 8.9.22≤ 8.14.22020-01-13
CVE-2019-19680 [HIGH] CVE-2019-19680: A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unp
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart em
nvd
CVE-2021-39304P3HIGHCVSS 7.5≥ 8.12.0-2107140000, < 8.12.0-21080900002021-10-13
CVE-2021-39304 [HIGH] CVE-2021-39304: Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.
nvd
CVE-2025-0431P4MEDIUMCVSS 5.8≥ 8.18.6, < patch 5113≥ 8.20.6, < patch 5114+1 more2025-03-19
CVE-2025-0431 [MEDIUM] CWE-790 CVE-2025-0431: Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remot
Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6
nvd
CVE-2020-14009P4MEDIUMCVSS 6.3fixed in 8.13.16≥ 8.14.0, < 8.16.42021-05-07
CVE-2020-14009 [MEDIUM] CWE-354 CVE-2020-14009: Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow a
Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.
nvd
CVE-2024-10635P4MEDIUMCVSS 5.3v8.18.6v8.20.6+4 more2025-04-28
CVE-2024-10635 [MEDIUM] CWE-754 CVE-2024-10635: Enterprise Protection contains an improper input validation vulnerability in attachment defense that
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause p
nvd
CVE-2023-5771P4MEDIUMCVSS 6.1fixed in 8.18.6v8.18.6+1 more2023-11-06
CVE-2023-5771 [MEDIUM] CWE-79 CVE-2023-5771: Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthentica
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other
nvd
CVE-2023-5770P4MEDIUMCVSS 5.4v8.18.6v8.20.0+1 more2024-01-09
CVE-2023-5770 [MEDIUM] CWE-838 CVE-2023-5770: Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterpri
nvd
CVE-2024-0862P4MEDIUMCVSS 5.0≥ 8.18.6, < patch 4868≥ 8.20.0, < patch 4869+3 more2024-05-14
CVE-2024-0862 [MEDIUM] CWE-918 CVE-2024-0862: The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Reques
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.
nvd
CVE-2021-31608P4MEDIUMCVSS 4.3fixed in 18.8.02022-11-17
CVE-2021-31608 [MEDIUM] CWE-693 CVE-2021-31608: Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
nvd