Vulnerability Details CVE-2023-5770
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery. This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2023-5770
- cpe:2.3:a:proofpoint:enterprise_protection:8.18.6
- cpe:2.3:a:proofpoint:enterprise_protection:8.20.0
- cpe:2.3:a:proofpoint:enterprise_protection:8.20.2