ProofPoint Enterprise Protection 8.20.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:*

part: a version: 8.20.0 update: -

VendorProofpoint (a6e799ec-33c1-574b-ba22-45b33dd0559d)
ProductEnterprise Protection (75427279-a971-5437-b17a-3e492ac2334e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-3676 vulnerable 2026-06-08 06:43:51.183473 Details available
HIGH (7.5)
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator.
Published: 2024-05-14T19:07:19.420Z
Updated: 2024-08-01T20:19:59.948Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5771 vulnerable 2026-06-08 06:19:44.702324 HTML injection in AdminUI through email subject
MEDIUM (6.1)
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.
Published: 2023-11-06T20:06:28.575Z
Updated: 2024-09-04T18:55:47.857Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.