Vulnerabilities > Proofpoint

DATE CVE VULNERABILITY TITLE RISK
2023-06-14 CVE-2023-2819 Cross-site Scripting vulnerability in Proofpoint Threat Response Auto Pull
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type.
low complexity
proofpoint CWE-79
4.3
2023-06-14 CVE-2023-2820 Exposure of Resource to Wrong Sphere vulnerability in Proofpoint Threat Response Auto Pull
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic.
high complexity
proofpoint CWE-668
6.8
2023-03-08 CVE-2023-0089 Code Injection vulnerability in Proofpoint Enterprise Protection
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.
network
low complexity
proofpoint CWE-94
8.8
2023-03-08 CVE-2023-0090 Code Injection vulnerability in Proofpoint Enterprise Protection
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'.
network
low complexity
proofpoint CWE-94
critical
9.8
2022-12-21 CVE-2022-46334 Improper Privilege Management vulnerability in Proofpoint Enterprise Protection
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions.
local
low complexity
proofpoint CWE-269
7.8
2022-12-06 CVE-2022-46332 Cross-site Scripting vulnerability in Proofpoint Enterprise Protection
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface.
network
low complexity
proofpoint CWE-79
critical
9.6
2022-12-06 CVE-2022-46333 Code Injection vulnerability in Proofpoint Enterprise Protection
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope.
network
low complexity
proofpoint CWE-94
7.2
2022-11-17 CVE-2021-31608 Unspecified vulnerability in Proofpoint Enterprise Protection
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
network
low complexity
proofpoint
4.3
2022-03-10 CVE-2022-25294 Unspecified vulnerability in Proofpoint Insider Threat Management
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges.
local
low complexity
proofpoint
7.8
2021-10-13 CVE-2021-40842 SQL Injection vulnerability in Proofpoint Insider Threat Management Server
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console.
network
low complexity
proofpoint CWE-89
critical
9.8