ProofPoint Enterprise Protection 8.18.6
Approved changes feed: RSS · Atom
cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*
part: a version: 8.18.6 update: *
| Vendor | Proofpoint (a6e799ec-33c1-574b-ba22-45b33dd0559d) |
|---|---|
| Product | Enterprise Protection (75427279-a971-5437-b17a-3e492ac2334e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-3676 |
vulnerable | 2026-06-08 06:43:51.181991 |
Details available
HIGH (7.5)
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Published: 2024-05-14T19:07:19.420Z
Updated: 2024-08-01T20:19:59.948Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5770 |
vulnerable | 2026-06-08 06:19:44.697378 |
HTML injection in email body through email subject
MEDIUM (5.3)
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.
Published: 2024-01-09T22:02:03.839Z
Updated: 2025-06-03T14:29:46.790Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0090 |
vulnerable | 2026-06-08 05:52:04.261772 |
Proofpoint Enterprise Protection webservices unauthenticated RCE
CRITICAL (9.8)
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.
Published: 2023-03-08T00:27:36.914Z
Updated: 2025-02-28T18:28:42.806Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0089 |
vulnerable | 2026-06-08 05:52:04.260462 |
Proofpoint Enterprise Protection webutils authenticated RCE
HIGH (8.8)
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'.
This affects all versions 8.20.0 and below.
Published: 2023-03-08T00:27:25.544Z
Updated: 2025-02-28T16:36:53.420Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.