We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-3676

Assigner	Proofpoint
Reserved	2024-04-11
Published	2024-05-14
Updated	2024-06-04

Description

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.

HIGH: 7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status

affected

8.18.6 before patch 4868

affected

8.20.0 before patch 4869

affected

8.20.2 before patch 4870

affected

8.20.4 before patch 4871

affected

8.21.0 before patch 4871

affected

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002

cve.org CVE-2024-3676

nvd.nist.gov CVE-2024-3676

Download JSON

https://cve.threatint.com/CVE/CVE-2024-3676

Find us on

Data Privacy
Terms of Use

© Copyright 2024 THREATINT. Made in Cyprus with ❤ + ☼