Vulnerabilities > Proofpoint > Enterprise Protection > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-0089 Code Injection vulnerability in Proofpoint Enterprise Protection
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.
network
low complexity
proofpoint CWE-94
8.8
2022-12-21 CVE-2022-46334 Improper Privilege Management vulnerability in Proofpoint Enterprise Protection
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions.
local
low complexity
proofpoint CWE-269
7.8
2022-12-06 CVE-2022-46333 Code Injection vulnerability in Proofpoint Enterprise Protection
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope.
network
low complexity
proofpoint CWE-94
7.2
2021-10-13 CVE-2021-39304 Unspecified vulnerability in Proofpoint Enterprise Protection 8.12.02107140000
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.
network
low complexity
proofpoint
7.5
2020-01-13 CVE-2019-19680 Unspecified vulnerability in Proofpoint Enterprise Protection
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.
network
low complexity
proofpoint
8.8