THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2024-3676

Reserved:2024-04-11
Published:2024-05-14
Updated:2024-05-14

Description

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
affected

8.18.6 before patch 4868
affected

8.20.0 before patch 4869
affected

8.20.2 before patch 4870
affected

8.20.4 before patch 4871
affected

8.21.0 before patch 4871
affected

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002

cve.org CVE-2024-3676

nvd.nist.gov CVE-2024-3676

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3676