7.5
CVE-2024-3676
- EPSS 0.49%
- Veröffentlicht 14.05.2024 19:15:12
- Zuletzt bearbeitet 21.11.2024 09:30:09
- Quelle security@proofpoint.com
- CVE-Watchlists
- Unerledigt
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerproofpoint
≫
Produkt
enterprise_protection
Default Statusunknown
Version <
patch_4868
Version
8.18.6
Status
affected
Herstellerproofpoint
≫
Produkt
enterprise_protection
Default Statusunknown
Version <
patch_4869
Version
8.20.0
Status
affected
Herstellerproofpoint
≫
Produkt
enterprise_protection
Default Statusunknown
Version <
patch_4870
Version
8.20.2
Status
affected
Herstellerprootpoint
≫
Produkt
enterprise_protection
Default Statusunknown
Version <
patch_4871
Version
8.20.4
Status
affected
Herstellerprootpoint
≫
Produkt
enterprise_protection
Default Statusunknown
Version <
patch_4872
Version
8.21.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.651 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@proofpoint.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.