GCVE - cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Proofpoint (`a6e799ec-33c1-574b-ba22-45b33dd0559d`)
Product	Enterprise Protection (`75427279-a971-5437-b17a-3e492ac2334e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-0431`	vulnerable	2026-06-08 07:02:24.593825	Enterprise Protection Backslash URL Rewrite Bypass MEDIUM (5.8) Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively. Published: 2025-03-19T16:18:23.793Z Updated: 2025-03-19T17:38:26.546Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3676`	vulnerable	2026-06-08 06:43:51.186940	Details available HIGH (7.5) The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator. Published: 2024-05-14T19:07:19.420Z Updated: 2024-08-01T20:19:59.948Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10635`	vulnerable	2026-06-08 06:23:47.142973	Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass MEDIUM (6.1) Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. Published: 2025-04-28T20:36:43.320Z Updated: 2025-10-06T20:51:36.637Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-0862`	vulnerable	2026-06-08 06:22:03.015613	Details available MEDIUM (5) The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses. Published: 2024-05-14T19:07:04.897Z Updated: 2024-08-20T18:43:47.007Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5771`	vulnerable	2026-06-08 06:19:44.700612	HTML injection in AdminUI through email subject MEDIUM (6.1) Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. Published: 2023-11-06T20:06:28.575Z Updated: 2024-09-04T18:55:47.857Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0090`	vulnerable	2026-06-08 05:52:04.261728	Proofpoint Enterprise Protection webservices unauthenticated RCE CRITICAL (9.8) The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. Published: 2023-03-08T00:27:36.914Z Updated: 2025-02-28T18:28:42.806Z Open on db.gcve.eu Reference links https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0089`	vulnerable	2026-06-08 05:52:04.259296	Proofpoint Enterprise Protection webutils authenticated RCE HIGH (8.8) The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. Published: 2023-03-08T00:27:25.544Z Updated: 2025-02-28T16:36:53.420Z Open on db.gcve.eu Reference links https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46334`	vulnerable	2026-06-08 05:50:38.652652	Proofpoint Enterprise Protection Local Privilege Escalation HIGH (7.8) Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. Published: 2022-12-21T20:05:38.584Z Updated: 2025-04-15T18:37:56.365Z Open on db.gcve.eu Reference links https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0004	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46333`	vulnerable	2026-06-08 05:50:38.652253	Proofpoint Enterprise Protection perl eval() arbitrary command execution HIGH (7.2) The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. Published: 2022-12-06T19:52:36.587Z Updated: 2025-04-23T16:11:07.699Z Open on db.gcve.eu Reference links https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46332`	vulnerable	2026-06-08 05:50:38.651664	Proofpoint Enterprise Protection (PPS/PoD) XSS in "Attachment Names" CRITICAL (9.6) The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. Published: 2022-12-06T19:52:02.111Z Updated: 2025-04-23T16:11:39.031Z Open on db.gcve.eu Reference links https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0002	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39304`	vulnerable	2026-06-08 05:33:49.969214	Details available Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Published: 2021-10-13T14:34:54.000Z Updated: 2024-08-04T02:06:41.809Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/blog https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0007	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-31608`	vulnerable	2026-06-08 05:31:53.743216	Details available Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. Published: 2022-11-17T00:00:00.000Z Updated: 2025-04-30T15:20:40.066Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0011	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.