VYPR

Enterprise Protection

by Proofpoint

CVEs (9)

  • CVE-2025-0431MedMar 19, 2025
    Proofpoint
    Enterprise Protection
    risk 0.38cvss 5.8epss 0.00

    Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively.

  • CVE-2024-10635Apr 28, 2025
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.00

    Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.

  • CVE-2023-5770Jan 9, 2024
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.00

    Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

  • CVE-2023-5771Nov 6, 2023
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.00

    Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.

  • CVE-2023-0090Mar 8, 2023
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.01

    The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.

  • CVE-2023-0089Mar 8, 2023
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.01

    The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.

  • CVE-2022-46334Dec 21, 2022
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.00

    Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.

  • CVE-2022-46333Dec 6, 2022
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.02

    The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.

  • CVE-2022-46332Dec 6, 2022
    Proofpoint
    Enterprise Protection
    risk 0.00cvss epss 0.01

    The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.