CVE-2024-0862

Summary

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.

Affected Software

VendorProductVersion RangeStatus
ProofpointEnterprise Protection8.18.6 < patch 4868affected
ProofpointEnterprise Protection8.20.0 < patch 4869affected
ProofpointEnterprise Protection8.20.2 < patch 4870affected
ProofpointEnterprise Protection8.20.4 < patch 4871affected
ProofpointEnterprise Protection8.21.0 < patch 4871affected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References