CVE-2024-3676
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Proofpoint | Enterprise Protection | 8.18.6 < patch 4868 | affected |
| Proofpoint | Enterprise Protection | 8.20.0 < patch 4869 | affected |
| Proofpoint | Enterprise Protection | 8.20.2 < patch 4870 | affected |
| Proofpoint | Enterprise Protection | 8.20.4 < patch 4871 | affected |
| Proofpoint | Enterprise Protection | 8.21.0 < patch 4871 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.