Vulnerabilities > Proofpoint > Enterprise Protection > 8.9.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-5771 | Cross-site Scripting vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. | 6.1 |
| 2023-03-08 | CVE-2023-0089 | Code Injection vulnerability in Proofpoint Enterprise Protection The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 8.8 |
| 2023-03-08 | CVE-2023-0090 | Code Injection vulnerability in Proofpoint Enterprise Protection The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. | 9.8 |
| 2022-12-21 | CVE-2022-46334 | Improper Privilege Management vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. | 7.8 |
| 2022-12-06 | CVE-2022-46332 | Cross-site Scripting vulnerability in Proofpoint Enterprise Protection The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. | 9.6 |
| 2022-12-06 | CVE-2022-46333 | Code Injection vulnerability in Proofpoint Enterprise Protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. | 7.2 |
| 2022-11-17 | CVE-2021-31608 | Unspecified vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | 4.3 |
| 2020-01-13 | CVE-2019-19680 | Unspecified vulnerability in Proofpoint Enterprise Protection A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. | 8.8 |