Vulnerabilities > Proofpoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-14 | CVE-2023-2820 | Exposure of Resource to Wrong Sphere vulnerability in Proofpoint Threat Response Auto Pull An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. | 6.8 |
| 2022-11-17 | CVE-2021-31608 | Unspecified vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control. | 4.3 |
| 2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | 6.9 |
| 2021-10-13 | CVE-2021-34814 | Unspecified vulnerability in Proofpoint Spam Engine Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | 5.0 |
| 2021-10-13 | CVE-2021-39304 | Unspecified vulnerability in Proofpoint Enterprise Protection 8.12.02107140000 Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. | 5.0 |
| 2021-05-07 | CVE-2020-14009 | Improper Validation of Integrity Check Value vulnerability in Proofpoint Enterprise Protection 8.14.2 Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. | 6.8 |
| 2021-04-06 | CVE-2021-27900 | Missing Authorization vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. | 5.5 |
| 2021-04-06 | CVE-2021-27899 | Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. | 5.8 |
| 2021-04-06 | CVE-2021-22158 | XXE vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. | 6.5 |
| 2021-04-06 | CVE-2021-22157 | Cross-site Scripting vulnerability in Proofpoint Insider Threat Management Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. | 4.3 |