Assigner | Proofpoint |
Reserved | 2024-01-24 |
Published | 2024-05-14 |
Updated | 2024-05-14 |
Description
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
8.18.6 before patch 4868
8.20.0 before patch 4869
8.20.2 before patch 4870
8.20.4 before patch 4871
8.21.0 before patch 4871
References
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001