Shodan
Vulnerabilities
Vulnerable Software
Proofpoint:  >> Enterprise Protection  >> 8.14.0  Security Vulnerabilities
CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-06
CVE-2022-46334
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-21
CVE-2022-46332
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.
CVSS Score
9.6
EPSS Score
0.004
Published
2022-12-06
CVE-2022-46333
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-12-06
CVE-2021-31608
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-11-17
CVE-2020-14009
Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.
CVSS Score
6.3
EPSS Score
0.001
Published
2021-05-07
CVE-2019-19680
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.
CVSS Score
8.8
EPSS Score
0.004
Published
2020-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved