Vulnerabilities > Proofpoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-06 | CVE-2020-10657 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. | 6.5 |
| 2020-03-30 | CVE-2019-20634 | Incorrect Comparison vulnerability in Proofpoint Email Protection 20190908 An issue was discovered in Proofpoint Email Protection through 2019-09-08. | 4.3 |
| 2020-01-13 | CVE-2019-19680 | Unspecified vulnerability in Proofpoint Enterprise Protection 8.14.2/8.9.22 A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. network proofpoint | 6.8 |
| 2011-05-05 | CVE-2011-1905 | Cross-Site Request Forgery (CSRF) vulnerability in Proofpoint Messaging Security Gateway and Protection Server Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. | 6.8 |
| 2011-05-05 | CVE-2011-1902 | Path Traversal vulnerability in Proofpoint Messaging Security Gateway and Protection Server Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
| 2004-12-31 | CVE-2004-2357 | Remote Security vulnerability in Proofpoint Protection Server The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database. | 6.4 |