Vulnerabilities > Proofpoint
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-08 | CVE-2023-0089 | Code Injection vulnerability in Proofpoint Enterprise Protection The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. | 8.8 |
| 2023-03-08 | CVE-2023-0090 | Code Injection vulnerability in Proofpoint Enterprise Protection The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. | 9.8 |
| 2022-12-21 | CVE-2022-46334 | Improper Privilege Management vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. | 7.8 |
| 2022-12-06 | CVE-2022-46332 | Cross-site Scripting vulnerability in Proofpoint Enterprise Protection The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. | 9.6 |
| 2022-12-06 | CVE-2022-46333 | Command Injection vulnerability in Proofpoint Enterprise Protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. | 7.2 |
| 2022-11-17 | CVE-2021-31608 | Unspecified vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | 4.3 |
| 2022-03-10 | CVE-2022-25294 | Unspecified vulnerability in Proofpoint Insider Threat Management Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. | 7.2 |
| 2021-10-13 | CVE-2021-40842 | SQL Injection vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. | 7.5 |
| 2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | 6.9 |
| 2021-10-13 | CVE-2021-34814 | Unspecified vulnerability in Proofpoint Spam Engine Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | 5.0 |