Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
100 vulnerabilities by Proofpoint
CVE-2025-8558 (GCVE-0-2025-8558)
Vulnerability from nvd – Published: 2025-11-03 18:40 – Updated: 2025-11-03 19:03- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management (ITM) Server |
Affected:
0 , < 7.17.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T19:03:02.947124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T19:03:11.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Insider Threat Management (ITM) Server",
"vendor": "Proofpoint",
"versions": [
{
"lessThan": "7.17.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insider Threat Management (ITM) Server\u0026nbsp;versions prior to 7.17.2\u0026nbsp;contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality."
}
],
"value": "Insider Threat Management (ITM) Server\u00a0versions prior to 7.17.2\u00a0contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:40:03.946Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2025-8558",
"datePublished": "2025-11-03T18:40:03.946Z",
"dateReserved": "2025-08-04T17:18:04.142Z",
"dateUpdated": "2025-11-03T19:03:11.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10635 (GCVE-0-2024-10635)
Vulnerability from nvd – Published: 2025-04-28 20:36 – Updated: 2025-10-06 20:51- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 5110
(semver)
Affected: 8.20.6 , < patch 5134 (semver) Affected: 8.21.0 , < patch 5112 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T22:28:30.982413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T22:28:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 5110",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 5134",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 5112",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:51:36.637Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-10635",
"datePublished": "2025-04-28T20:36:43.320Z",
"dateReserved": "2024-10-31T18:23:56.308Z",
"dateUpdated": "2025-10-06T20:51:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0431 (GCVE-0-2025-0431)
Vulnerability from nvd – Published: 2025-03-19 16:18 – Updated: 2025-03-19 17:38- CWE-790 - Improper Filtering of Special Elements
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 5113
(semver)
Affected: 8.20.6 , < patch 5114 (semver) Affected: 8.21.0 , < patch 5115 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:37:58.453989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:38:26.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 5113",
"status": "unaffected"
}
],
"lessThan": "patch 5113",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5114",
"status": "unaffected"
}
],
"lessThan": "patch 5114",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5115",
"status": "unaffected"
}
],
"lessThan": "patch 5115",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T16:18:23.793Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection Backslash URL Rewrite Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2025-0431",
"datePublished": "2025-03-19T16:18:23.793Z",
"dateReserved": "2025-01-13T19:25:35.786Z",
"dateUpdated": "2025-03-19T17:38:26.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3676 (GCVE-0-2024-3676)
Vulnerability from nvd – Published: 2024-05-14 19:07 – Updated: 2024-08-01 20:19- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 4868
(semver)
Affected: 8.20.0 , < patch 4869 (semver) Affected: 8.20.2 , < patch 4870 (semver) Affected: 8.20.4 , < patch 4871 (semver) Affected: 8.21.0 , < patch 4871 (semver) |
|
| proofpoint | enterprise_protection |
Affected:
8.18.6 , < patch_4868
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:* |
|
| proofpoint | enterprise_protection |
Affected:
8.20.0 , < patch_4869
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:* |
|
| proofpoint | enterprise_protection |
Affected:
8.20.2 , < patch_4870
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:* |
|
| prootpoint | enterprise_protection |
Affected:
8.20.4 , < patch_4871
(custom)
cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:* |
|
| prootpoint | enterprise_protection |
Affected:
8.21.0 , < patch_4872
(custom)
cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4868",
"status": "affected",
"version": "8.18.6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4869 ",
"status": "affected",
"version": "8.20.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4870",
"status": "affected",
"version": "8.20.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4871",
"status": "affected",
"version": "8.20.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4872",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T17:49:37.326859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:16.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:19:59.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u0026nbsp; These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u00a0 These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:19.420Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-3676",
"datePublished": "2024-05-14T19:07:19.420Z",
"dateReserved": "2024-04-11T20:00:59.260Z",
"dateUpdated": "2024-08-01T20:19:59.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0862 (GCVE-0-2024-0862)
Vulnerability from nvd – Published: 2024-05-14 19:07 – Updated: 2024-08-20 18:43- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 4868
(semver)
Affected: 8.20.0 , < patch 4869 (semver) Affected: 8.20.2 , < patch 4870 (semver) Affected: 8.20.4 , < patch 4871 (semver) Affected: 8.21.0 , < patch 4871 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T18:41:43.323594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T18:43:47.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:04.897Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-0862",
"datePublished": "2024-05-14T19:07:04.897Z",
"dateReserved": "2024-01-24T16:42:03.799Z",
"dateUpdated": "2024-08-20T18:43:47.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5770 (GCVE-0-2023-5770)
Vulnerability from nvd – Published: 2024-01-09 22:02 – Updated: 2025-06-03 14:29- CWE-838 - Inappropriate Encoding for Output Context
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Proofpoint Enterprise Protection |
Affected:
8.20.2 , < patch 4809
(semver)
Affected: 8.20.0 , < patch 4805 (semver) Affected: 8.18.6 , < patch 4804 (semver) Affected: 8.0 , < 8.18.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:43:41.522534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:29:46.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Email Delivery Agent"
],
"product": "Proofpoint Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4809",
"status": "unaffected"
}
],
"lessThan": "patch 4809",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4805",
"status": "unaffected"
}
],
"lessThan": "patch 4805",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4804",
"status": "unaffected"
}
],
"lessThan": "patch 4804",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.\u003c/span\u003e\u003cp\u003eThis issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\u003c/p\u003e"
}
],
"value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838 Inappropriate Encoding for Output Context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T22:02:03.839Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in email body through email subject",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-5770",
"datePublished": "2024-01-09T22:02:03.839Z",
"dateReserved": "2023-10-25T17:57:53.751Z",
"dateUpdated": "2025-06-03T14:29:46.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5771 (GCVE-0-2023-5771)
Vulnerability from nvd – Published: 2023-11-06 20:06 – Updated: 2024-09-04 18:55- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Proofpoint Enterprise Protection |
Affected:
8.20.0 , < patch 4796
(semver)
Affected: 8.18.6 , < patch 4795 (semver) Affected: 8.0 , < 8.18.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T18:55:22.520054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T18:55:47.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"AdminUI"
],
"product": "Proofpoint Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4796",
"status": "unaffected"
}
],
"lessThan": "patch 4796",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4795",
"status": "unaffected"
}
],
"lessThan": "patch 4795",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-06T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cp\u003eThis issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.\u003c/p\u003e"
}
],
"value": "Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.\u00a0\u00a0This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T20:06:30.766Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in AdminUI through email subject",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-5771",
"datePublished": "2023-11-06T20:06:28.575Z",
"dateReserved": "2023-10-25T17:57:54.611Z",
"dateUpdated": "2024-09-04T18:55:47.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4828 (GCVE-0-2023-4828)
Vulnerability from nvd – Published: 2023-09-13 15:16 – Updated: 2024-09-24 19:52- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
|
| proofpoint | insider_threat_management_server |
Affected:
0 , ≤ 7.14.3
(semver)
cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insider_threat_management_server",
"vendor": "proofpoint",
"versions": [
{
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:23.827352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:52:35.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server\u0027s configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."
}
],
"value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server\u0027s configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:50:46.186Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Communications Hijack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4828",
"datePublished": "2023-09-13T15:16:13.903Z",
"dateReserved": "2023-09-07T21:55:26.257Z",
"dateUpdated": "2024-09-24T19:52:35.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4803 (GCVE-0-2023-4803)
Vulnerability from nvd – Published: 2023-09-13 15:15 – Updated: 2024-09-24 19:53- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:50.692113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:53:11.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web console"
],
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"value": "A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:46:56.911Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Cross-site Scripting in WriteWindowTitle Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4803",
"datePublished": "2023-09-13T15:15:40.928Z",
"dateReserved": "2023-09-06T15:23:23.041Z",
"dateUpdated": "2024-09-24T19:53:11.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4802 (GCVE-0-2023-4802)
Vulnerability from nvd – Published: 2023-09-13 15:15 – Updated: 2024-09-24 19:54- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:57.997540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:54:46.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web console"
],
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"value": "A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:46:33.623Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4802",
"datePublished": "2023-09-13T15:15:06.042Z",
"dateReserved": "2023-09-06T15:23:21.334Z",
"dateUpdated": "2024-09-24T19:54:46.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4801 (GCVE-0-2023-4801)
Vulnerability from nvd – Published: 2023-09-13 15:14 – Updated: 2024-09-25 17:38- CWE-295 - Improper Certificate Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management |
Affected:
0 , ≤ 7.14.3
(semver)
|
|
| proofpoint | insider_threat_management |
Affected:
0 , ≤ 7.14.3.69
(custom)
cpe:2.3:a:proofpoint:insider_threat_management:-:*:*:*:*:macos:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:insider_threat_management:-:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "insider_threat_management",
"vendor": "proofpoint",
"versions": [
{
"lessThanOrEqual": "7.14.3.69",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:34:51.428379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:38:58.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Agent"
],
"platforms": [
"MacOS"
],
"product": "Insider Threat Management",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected."
}
],
"value": "An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T15:14:36.165Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM MacOS Agent Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4801",
"datePublished": "2023-09-13T15:14:36.165Z",
"dateReserved": "2023-09-06T15:23:18.574Z",
"dateUpdated": "2024-09-25T17:38:58.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36002 (GCVE-0-2023-36002)
Vulnerability from nvd – Published: 2023-06-27 14:32 – Updated: 2024-11-06 21:22- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management |
Affected:
0 , < 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:40.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T21:08:13.320714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:22:15.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Server"
],
"product": "Insider Threat Management",
"vendor": "Proofpoint",
"versions": [
{
"lessThan": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-06-25T14:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected."
}
],
"value": "A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T14:32:26.673Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Missing Authorization for URL validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-36002",
"datePublished": "2023-06-27T14:32:26.673Z",
"dateReserved": "2023-06-20T20:19:49.399Z",
"dateUpdated": "2024-11-06T21:22:15.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36000 (GCVE-0-2023-36000)
Vulnerability from nvd – Published: 2023-06-27 14:32 – Updated: 2024-11-06 21:32- CWE-862 - Missing Authorization
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management |
Affected:
0 , < 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:37:41.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T21:22:41.118478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:32:04.265Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Server"
],
"product": "Insider Threat Management",
"vendor": "Proofpoint",
"versions": [
{
"lessThan": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-06-25T14:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected."
}
],
"value": "A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T14:32:01.270Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Missing Authorization for Agent Config",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-36000",
"datePublished": "2023-06-27T14:32:01.270Z",
"dateReserved": "2023-06-20T20:19:49.398Z",
"dateUpdated": "2024-11-06T21:32:04.265Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8558 (GCVE-0-2025-8558)
Vulnerability from cvelistv5 – Published: 2025-11-03 18:40 – Updated: 2025-11-03 19:03- CWE-306 - Missing Authentication for Critical Function
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management (ITM) Server |
Affected:
0 , < 7.17.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T19:03:02.947124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T19:03:11.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Insider Threat Management (ITM) Server",
"vendor": "Proofpoint",
"versions": [
{
"lessThan": "7.17.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insider Threat Management (ITM) Server\u0026nbsp;versions prior to 7.17.2\u0026nbsp;contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality."
}
],
"value": "Insider Threat Management (ITM) Server\u00a0versions prior to 7.17.2\u00a0contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T18:40:03.946Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-003"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2025-8558",
"datePublished": "2025-11-03T18:40:03.946Z",
"dateReserved": "2025-08-04T17:18:04.142Z",
"dateUpdated": "2025-11-03T19:03:11.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-10635 (GCVE-0-2024-10635)
Vulnerability from cvelistv5 – Published: 2025-04-28 20:36 – Updated: 2025-10-06 20:51- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 5110
(semver)
Affected: 8.20.6 , < patch 5134 (semver) Affected: 8.21.0 , < patch 5112 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T22:28:30.982413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T22:28:39.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 5110",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 5134",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 5112",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"value": "Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T20:51:36.637Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-10635",
"datePublished": "2025-04-28T20:36:43.320Z",
"dateReserved": "2024-10-31T18:23:56.308Z",
"dateUpdated": "2025-10-06T20:51:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0431 (GCVE-0-2025-0431)
Vulnerability from cvelistv5 – Published: 2025-03-19 16:18 – Updated: 2025-03-19 17:38- CWE-790 - Improper Filtering of Special Elements
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 5113
(semver)
Affected: 8.20.6 , < patch 5114 (semver) Affected: 8.21.0 , < patch 5115 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:37:58.453989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:38:26.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 5113",
"status": "unaffected"
}
],
"lessThan": "patch 5113",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5114",
"status": "unaffected"
}
],
"lessThan": "patch 5114",
"status": "affected",
"version": "8.20.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 5115",
"status": "unaffected"
}
],
"lessThan": "patch 5115",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"value": "Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient\u0027s email. This occurs due to improper filtering of backslashes within URLs and affects all versions of 8.21, 8.20 and 8.18 prior to 8.21.0 patch 5115, 8.20.6 patch 5114 and 8.18.6 patch 5113 respectively."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-790",
"description": "CWE-790 Improper Filtering of Special Elements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T16:18:23.793Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Enterprise Protection Backslash URL Rewrite Bypass",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2025-0431",
"datePublished": "2025-03-19T16:18:23.793Z",
"dateReserved": "2025-01-13T19:25:35.786Z",
"dateUpdated": "2025-03-19T17:38:26.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3676 (GCVE-0-2024-3676)
Vulnerability from cvelistv5 – Published: 2024-05-14 19:07 – Updated: 2024-08-01 20:19- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 4868
(semver)
Affected: 8.20.0 , < patch 4869 (semver) Affected: 8.20.2 , < patch 4870 (semver) Affected: 8.20.4 , < patch 4871 (semver) Affected: 8.21.0 , < patch 4871 (semver) |
|
| proofpoint | enterprise_protection |
Affected:
8.18.6 , < patch_4868
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:* |
|
| proofpoint | enterprise_protection |
Affected:
8.20.0 , < patch_4869
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:* |
|
| proofpoint | enterprise_protection |
Affected:
8.20.2 , < patch_4870
(custom)
cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:* |
|
| prootpoint | enterprise_protection |
Affected:
8.20.4 , < patch_4871
(custom)
cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:* |
|
| prootpoint | enterprise_protection |
Affected:
8.21.0 , < patch_4872
(custom)
cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4868",
"status": "affected",
"version": "8.18.6",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4869 ",
"status": "affected",
"version": "8.20.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"lessThan": "patch_4870",
"status": "affected",
"version": "8.20.2",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4871",
"status": "affected",
"version": "8.20.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "enterprise_protection",
"vendor": "prootpoint",
"versions": [
{
"lessThan": "patch_4872",
"status": "affected",
"version": "8.21.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-15T17:49:37.326859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:16.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:19:59.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u0026nbsp; These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker\u0027s control.\u00a0 These accounts are able to send spoofed email to any users within the domains configured by the Administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:19.420Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-3676",
"datePublished": "2024-05-14T19:07:19.420Z",
"dateReserved": "2024-04-11T20:00:59.260Z",
"dateUpdated": "2024-08-01T20:19:59.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0862 (GCVE-0-2024-0862)
Vulnerability from cvelistv5 – Published: 2024-05-14 19:07 – Updated: 2024-08-20 18:43- CWE-918 - Server-Side Request Forgery (SSRF)
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Enterprise Protection |
Affected:
8.18.6 , < patch 4868
(semver)
Affected: 8.20.0 , < patch 4869 (semver) Affected: 8.20.2 , < patch 4870 (semver) Affected: 8.20.4 , < patch 4871 (semver) Affected: 8.21.0 , < patch 4871 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T18:41:43.323594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T18:43:47.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4868",
"status": "unaffected"
}
],
"lessThan": "patch 4868",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4869",
"status": "unaffected"
}
],
"lessThan": "patch 4869",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4870",
"status": "unaffected"
}
],
"lessThan": "patch 4870",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4871",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.20.4",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4872",
"status": "unaffected"
}
],
"lessThan": "patch 4871",
"status": "affected",
"version": "8.21.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T19:07:04.897Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2024-0862",
"datePublished": "2024-05-14T19:07:04.897Z",
"dateReserved": "2024-01-24T16:42:03.799Z",
"dateUpdated": "2024-08-20T18:43:47.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5770 (GCVE-0-2023-5770)
Vulnerability from cvelistv5 – Published: 2024-01-09 22:02 – Updated: 2025-06-03 14:29- CWE-838 - Inappropriate Encoding for Output Context
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Proofpoint Enterprise Protection |
Affected:
8.20.2 , < patch 4809
(semver)
Affected: 8.20.0 , < patch 4805 (semver) Affected: 8.18.6 , < patch 4804 (semver) Affected: 8.0 , < 8.18.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T18:43:41.522534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:29:46.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Email Delivery Agent"
],
"product": "Proofpoint Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4809",
"status": "unaffected"
}
],
"lessThan": "patch 4809",
"status": "affected",
"version": "8.20.2",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4805",
"status": "unaffected"
}
],
"lessThan": "patch 4805",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4804",
"status": "unaffected"
}
],
"lessThan": "patch 4804",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.\u003c/span\u003e\u003cp\u003eThis issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\u003c/p\u003e"
}
],
"value": "Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-838",
"description": "CWE-838 Inappropriate Encoding for Output Context",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T22:02:03.839Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in email body through email subject",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-5770",
"datePublished": "2024-01-09T22:02:03.839Z",
"dateReserved": "2023-10-25T17:57:53.751Z",
"dateUpdated": "2025-06-03T14:29:46.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5771 (GCVE-0-2023-5771)
Vulnerability from cvelistv5 – Published: 2023-11-06 20:06 – Updated: 2024-09-04 18:55- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Proofpoint Enterprise Protection |
Affected:
8.20.0 , < patch 4796
(semver)
Affected: 8.18.6 , < patch 4795 (semver) Affected: 8.0 , < 8.18.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T18:55:22.520054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T18:55:47.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"AdminUI"
],
"product": "Proofpoint Enterprise Protection",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "patch 4796",
"status": "unaffected"
}
],
"lessThan": "patch 4796",
"status": "affected",
"version": "8.20.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "patch 4795",
"status": "unaffected"
}
],
"lessThan": "patch 4795",
"status": "affected",
"version": "8.18.6",
"versionType": "semver"
},
{
"lessThan": "8.18.6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-11-06T17:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cp\u003eThis issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.\u003c/p\u003e"
}
],
"value": "Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.\u00a0\u00a0This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T20:06:30.766Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTML injection in AdminUI through email subject",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-5771",
"datePublished": "2023-11-06T20:06:28.575Z",
"dateReserved": "2023-10-25T17:57:54.611Z",
"dateUpdated": "2024-09-04T18:55:47.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4828 (GCVE-0-2023-4828)
Vulnerability from cvelistv5 – Published: 2023-09-13 15:16 – Updated: 2024-09-24 19:52- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
|
| proofpoint | insider_threat_management_server |
Affected:
0 , ≤ 7.14.3
(semver)
cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "insider_threat_management_server",
"vendor": "proofpoint",
"versions": [
{
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:23.827352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:52:35.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server\u0027s configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."
}
],
"value": "An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server\u0027s configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:50:46.186Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Communications Hijack",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4828",
"datePublished": "2023-09-13T15:16:13.903Z",
"dateReserved": "2023-09-07T21:55:26.257Z",
"dateUpdated": "2024-09-24T19:52:35.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4803 (GCVE-0-2023-4803)
Vulnerability from cvelistv5 – Published: 2023-09-13 15:15 – Updated: 2024-09-24 19:53- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4803",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:50.692113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:53:11.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web console"
],
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"value": "A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:46:56.911Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Cross-site Scripting in WriteWindowTitle Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4803",
"datePublished": "2023-09-13T15:15:40.928Z",
"dateReserved": "2023-09-06T15:23:23.041Z",
"dateUpdated": "2024-09-24T19:53:11.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4802 (GCVE-0-2023-4802)
Vulnerability from cvelistv5 – Published: 2023-09-13 15:15 – Updated: 2024-09-24 19:54- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | ITM Server |
Affected:
0 , ≤ 7.14.3
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T19:36:57.997540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T19:54:46.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web console"
],
"product": "ITM Server",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"value": "A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server\u0027s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator\u0027s browser. All versions prior to 7.14.3.69 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T21:46:33.623Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4802",
"datePublished": "2023-09-13T15:15:06.042Z",
"dateReserved": "2023-09-06T15:23:21.334Z",
"dateUpdated": "2024-09-24T19:54:46.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4801 (GCVE-0-2023-4801)
Vulnerability from cvelistv5 – Published: 2023-09-13 15:14 – Updated: 2024-09-25 17:38- CWE-295 - Improper Certificate Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Proofpoint | Insider Threat Management |
Affected:
0 , ≤ 7.14.3
(semver)
|
|
| proofpoint | insider_threat_management |
Affected:
0 , ≤ 7.14.3.69
(custom)
cpe:2.3:a:proofpoint:insider_threat_management:-:*:*:*:*:macos:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:proofpoint:insider_threat_management:-:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "insider_threat_management",
"vendor": "proofpoint",
"versions": [
{
"lessThanOrEqual": "7.14.3.69",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T17:34:51.428379Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T17:38:58.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Agent"
],
"platforms": [
"MacOS"
],
"product": "Insider Threat Management",
"vendor": "Proofpoint",
"versions": [
{
"changes": [
{
"at": "7.14.3.69",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-09-13T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected."
}
],
"value": "An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-13T15:14:36.165Z",
"orgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"shortName": "Proofpoint"
},
"references": [
{
"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ITM MacOS Agent Improper Certificate Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d83a79dd-e128-4b83-8b64-84faf54eed46",
"assignerShortName": "Proofpoint",
"cveId": "CVE-2023-4801",
"datePublished": "2023-09-13T15:14:36.165Z",
"dateReserved": "2023-09-06T15:23:18.574Z",
"dateUpdated": "2024-09-25T17:38:58.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201105-0113
Vulnerability from variot - Updated: 2023-12-18 12:45Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0113",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.3"
},
{
"model": "messaging security gateway 6.2.0.263%3a6.2.0.23",
"scope": null,
"trust": 0.3,
"vendor": "proofpoint",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.0.263\\:6.2.0.237",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1902"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Miles of Clear Skies Security.",
"sources": [
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1902",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1902",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-49847",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1902",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-066",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49847",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
},
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2011-1902",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066",
"trust": 0.7
},
{
"db": "BID",
"id": "78468",
"trust": 0.4
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49847",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"id": "VAR-201105-0113",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49847"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:53.595000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.9,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.9,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1902"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1902"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49847"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49847"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78468"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-05T14:55:03.213000",
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49847"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78468"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004591"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-31T04:00:00",
"db": "NVD",
"id": "CVE-2011-1902"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-066"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78468"
}
],
"trust": 0.6
}
}
VAR-201105-0114
Vulnerability from variot - Updated: 2023-12-18 12:45SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.3"
},
{
"model": "messaging security gateway 6.2.0.263%3a6.2.0.23",
"scope": null,
"trust": 0.3,
"vendor": "proofpoint",
"version": null
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.0.263\\:6.2.0.237",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73792"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1903",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1903",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-49848",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1903",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-067",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-49848",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2011-1903",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067",
"trust": 0.7
},
{
"db": "BID",
"id": "73792",
"trust": 0.4
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49848",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"id": "VAR-201105-0114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49848"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:53.542000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.9,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.9,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1903"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1903"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49848"
},
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49848"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "73792"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-05T14:55:03.260000",
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49848"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "73792"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004592"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-31T04:00:00",
"db": "NVD",
"id": "CVE-2011-1903"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-067"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "73792"
},
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.6
}
}
VAR-201105-0112
Vulnerability from variot - Updated: 2023-12-18 12:45The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0112",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.3"
},
{
"model": "messaging security gateway 6.2.0.263%3a6.2.0.23",
"scope": null,
"trust": 0.3,
"vendor": "proofpoint",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.0.263\\:6.2.0.237",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1901"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Miles of Clear Skies Security.",
"sources": [
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1901",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1901",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-49846",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1901",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-49846",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
},
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2011-1901",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065",
"trust": 0.7
},
{
"db": "BID",
"id": "78561",
"trust": 0.4
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49846",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"id": "VAR-201105-0112",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49846"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:53.497000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.9,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.9,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1901"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1901"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49846"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49846"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78561"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-05T14:55:03.183000",
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49846"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78561"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004590"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-31T04:00:00",
"db": "NVD",
"id": "CVE-2011-1901"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "47675"
},
{
"db": "BID",
"id": "78561"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-065"
}
],
"trust": 0.6
}
}
VAR-201105-0116
Vulnerability from variot - Updated: 2023-12-18 12:45Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. A remote attacker hijacks an administrator's authentication request with the help of an unknown vector. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.4,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.4,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.4,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.4,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.4,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.0.263\\:6.2.0.237",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1905"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Miles of Clear Skies Security.",
"sources": [
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1905",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-49850",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1905",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-069",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49850",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication of administrators via unknown vectors. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Command Injection A function in the Proofpoint web interface can be manipulated into executing any command on the server. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. A remote attacker hijacks an administrator\u0027s authentication request with the help of an unknown vector. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.5
},
{
"db": "NVD",
"id": "CVE-2011-1905",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069",
"trust": 0.7
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49850",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"id": "VAR-201105-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49850"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:53.456000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.6,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.6,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1905"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1905"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49850"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49850"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-05T14:55:03.340000",
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49850"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004594"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2011-05-31T04:00:00",
"db": "NVD",
"id": "CVE-2011-1905"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-069"
}
],
"trust": 0.6
}
}
VAR-201105-0115
Vulnerability from variot - Updated: 2023-12-18 12:45An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command injection" issue. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security's advisory of TECHNICAL DETAILS Describes each vulnerability as follows: "Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application."A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability 2. A command-injection vulnerability 3. An SQL-injection vulnerability 4. A security-bypass vulnerability 5. A directory-traversal vulnerability Attackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------
Secunia is hiring!
http://secunia.com/company/jobs/
TITLE: Proofpoint Enterprise Protection Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA44457
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
RELEASE DATE: 2011-05-04
DISCUSS ADVISORY: http://secunia.com/advisories/44457/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44457/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44457
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proofpoint Enterprise Protection, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
1) Input passed via the "displayprogress" parameter to enduser/process.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Note: This vulnerability only affects version 5.5.5.
3) Certain unspecified input is not properly verified before being used to access files.
4) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
5) An error in the application allows access to certain administrative modules without checking for authentication.
6) Certain unspecified input is not properly sanitised before being used and can be exploited to inject and execute arbitrary commands.
SOLUTION: Apply patches.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 1) Karan Khosla, Sense of Security Labs. 2 - 6) Scott Miles, Clear Skies Security via US-CERT.
ORIGINAL ADVISORY: Proofpoint: https://support.proofpoint.com/article.cgi?article_id=338413
Sense of Security Labs: http://www.senseofsecurity.com.au/advisories/SOS-11-005
US-CERT VU#790980: http://www.kb.cert.org/vuls/id/790980
Clear Skies Security: http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "5.5.3"
},
{
"model": "protection server",
"scope": "eq",
"trust": 2.7,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "protection server",
"scope": "eq",
"trust": 1.6,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "protection server",
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": "messaging security gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "proofpoint",
"version": "6.2.0.263:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.8,
"vendor": "proofpoint",
"version": "and 6.2.0"
},
{
"model": "messaging security gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "proofpoint",
"version": "6.2.0.263\\:6.2.0.237"
},
{
"model": "protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.3"
},
{
"model": "messaging security gateway 6.2.0.263%3a6.2.0.23",
"scope": null,
"trust": 0.3,
"vendor": "proofpoint",
"version": null
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.2.0"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.1.1"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "6.0.2"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.5"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.4"
},
{
"model": "inc proofpoint protection server",
"scope": "eq",
"trust": 0.3,
"vendor": "proofpoint",
"version": "5.5.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:messaging_security_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2.0.263\\:6.2.0.237",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:proofpoint:protection_server:6.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1904"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78473"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1904",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-1904",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-49849",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1904",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#790980",
"trust": 0.8,
"value": "22.50"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-068",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-49849",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a \"command injection\" issue. Proofpoint Protection Server Has multiple vulnerabilities. Proofpoint Protection Server Includes authentication bypass, command injection, SQL Multiple vulnerabilities exist, including injection and directory traversal. Clear Skies Security\u0027s advisory of TECHNICAL DETAILS Describes each vulnerability as follows: \"Enduser Authentication Bypass User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user\u2019s login credentials. Path Traversal Allows Access to System Files Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface. Proofpoint SQL Injection A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection. Proofpoint Forced Browsing / Insufficient Page Authorization Some administrative modules are accessible without authenticating with the application.\"A remote attacker could execute arbitrary commands or download arbitrary files. An authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. An SQL-injection vulnerability\n4. A security-bypass vulnerability\n5. A directory-traversal vulnerability\nAttackers may exploit these issues to retrieve arbitrary files from the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application. ----------------------------------------------------------------------\n\n\nSecunia is hiring!\n\nhttp://secunia.com/company/jobs/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nProofpoint Enterprise Protection Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44457\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44457/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nRELEASE DATE:\n2011-05-04\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44457/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44457/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proofpoint Enterprise\nProtection, which can be exploited by malicious people to conduct\ncross-site scripting and SQL injection attacks, bypass certain\nsecurity restrictions, disclose sensitive information, and compromise\na vulnerable system. \n\n1) Input passed via the \"displayprogress\" parameter to\nenduser/process.cgi is not properly sanitised before being returned\nto the user. This can be exploited to execute arbitrary HTML and\nscript code in a user\u0027s browser session in context of an affected\nsite. \n\nNote: This vulnerability only affects version 5.5.5. \n\n3) Certain unspecified input is not properly verified before being\nused to access files. \n\n4) Certain unspecified input is not properly sanitised before being\nused in SQL queries. This can be exploited to manipulate SQL queries\nby injecting arbitrary SQL code. \n\n5) An error in the application allows access to certain\nadministrative modules without checking for authentication. \n\n6) Certain unspecified input is not properly sanitised before being\nused and can be exploited to inject and execute arbitrary commands. \n\nSOLUTION:\nApply patches. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n1) Karan Khosla, Sense of Security Labs. \n2 - 6) Scott Miles, Clear Skies Security via US-CERT. \n\nORIGINAL ADVISORY:\nProofpoint:\nhttps://support.proofpoint.com/article.cgi?article_id=338413\n\nSense of Security Labs:\nhttp://www.senseofsecurity.com.au/advisories/SOS-11-005\n\nUS-CERT VU#790980:\nhttp://www.kb.cert.org/vuls/id/790980\n\nClear Skies Security:\nhttp://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "PACKETSTORM",
"id": "101135"
}
],
"trust": 3.78
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980",
"trust": 4.8
},
{
"db": "NVD",
"id": "CVE-2011-1904",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068",
"trust": 0.7
},
{
"db": "BID",
"id": "78473",
"trust": 0.4
},
{
"db": "BID",
"id": "47675",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44457",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-49849",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101135",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"id": "VAR-201105-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49849"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:45:53.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com"
},
{
"title": "Call Tracking System - Login (Customer Support web site\uff09",
"trust": 0.8,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.proofpoint.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "http://www.kb.cert.org/vuls/id/790980"
},
{
"trust": 2.9,
"url": "http://www.clearskies.net/documents/css-advisory-css1105-proofpoint.php"
},
{
"trust": 2.9,
"url": "https://support.proofpoint.com/article.cgi?article_id=338413"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu790980"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1904"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1904"
},
{
"trust": 0.3,
"url": "http://www.proofpoint.com/products/index.php"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44457"
},
{
"trust": 0.1,
"url": "http://www.senseofsecurity.com.au/advisories/sos-11-005"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44457/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#790980"
},
{
"db": "VULHUB",
"id": "VHN-49849"
},
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"db": "PACKETSTORM",
"id": "101135"
},
{
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-49849"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78473"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"date": "2011-05-05T06:57:39",
"db": "PACKETSTORM",
"id": "101135"
},
{
"date": "2011-05-05T14:55:03.293000",
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-02T00:00:00",
"db": "CERT/CC",
"id": "VU#790980"
},
{
"date": "2011-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-49849"
},
{
"date": "2011-05-05T00:00:00",
"db": "BID",
"id": "78473"
},
{
"date": "2011-05-02T00:00:00",
"db": "BID",
"id": "47675"
},
{
"date": "2011-05-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001625"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004593"
},
{
"date": "2011-05-31T04:00:00",
"db": "NVD",
"id": "CVE-2011-1904"
},
{
"date": "2011-05-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "78473"
},
{
"db": "BID",
"id": "47675"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Proofpoint Protection Server contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#790980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-068"
}
],
"trust": 0.6
}
}
VAR-201107-0115
Vulnerability from variot - Updated: 2023-12-18 11:33Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding. Autonomy Provided by Autonomy KeyView IDOL Is 1000 A library that decodes the above file formats. IBM Lotus Notes , Lotus Domino , Symantec Mail Security , Hyland OnBase Used in such applications. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding.Although the impact will vary depending on the application, service operation may be interrupted by opening a specially crafted file. (DoS) An attacker may be attacked or execute arbitrary code with user privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats.
For more information: SA44820
SOLUTION: Do not open documents from untrusted sources.
For more information: SA44820
Successful exploitation requires the attachment content scanning option to be enabled.
SOLUTION: Disable the attachment content scanning option. ----------------------------------------------------------------------
Alerts when vulnerabilities pose a threat to your infrastructure The enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies.
For more information see vulnerability #6 in: SA44624
Please see the vendor's advisory for the list for affected products. ----------------------------------------------------------------------
Join Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria See to the presentation "The Dynamics and Threats of End-Point Software Portfolios" by Secunia's Research Analyst Director, Stefan Frei. Read more: http://conference.first.org/
TITLE: Autonomy KeyView File Processing Vulnerabilities
SECUNIA ADVISORY ID: SA44820
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44820
RELEASE DATE: 2011-06-08
DISCUSS ADVISORY: http://secunia.com/advisories/44820/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/44820/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=44820
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.
1) An error when processing Windows Write (WRI) files can be exploited to cause a stack-based buffer overflow.
2) Some errors when processing unspecified file formats can be exploited to corrupt memory. No further information is currently available.
The vulnerabilities are reported in versions prior to 10.13.1.
SOLUTION: Update to version 10.13.1.
PROVIDED AND/OR DISCOVERED BY: Will Dormann and Jared Allar, CERT/CC.
ORIGINAL ADVISORY: US-CERT (VU#126159): http://www.kb.cert.org/vuls/id/126159
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201107-0115",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "8.1.1"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.5.1"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10.5"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "5.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "8.1"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "7.7"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "4.0.0"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "4.1.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "10"
},
{
"model": "mail security",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "7.5"
},
{
"model": "mail security",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "7.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "9.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "mail security",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "6.0.0"
},
{
"model": "brightmail and messaging gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "symantec",
"version": "9.5"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "9.0"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "7.2"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "9.0.1"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "9.0.2"
},
{
"model": "data loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "7.1"
},
{
"model": "data loss prevention",
"scope": "lte",
"trust": 1.0,
"vendor": "symantec",
"version": "10.5.2"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "autonomy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "emc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hyland",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lotus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mcafee",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "palisade",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "proofpoint",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "symantec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trend micro",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "verdasys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "websense",
"version": null
},
{
"model": "keyview idol",
"scope": "lt",
"trust": 0.8,
"vendor": "autonomy",
"version": "10.13.1 earlier"
},
{
"model": "brightmail gateway and symantec messaging gateway",
"scope": "lte",
"trust": 0.8,
"vendor": "symantec",
"version": "9.5"
},
{
"model": "data loss prevention endpoint agents",
"scope": "lte",
"trust": 0.8,
"vendor": "symantec",
"version": "10.x"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11.x"
},
{
"model": "data loss prevention enforce/detection servers",
"scope": "lte",
"trust": 0.8,
"vendor": "symantec",
"version": "(linux) 10.x"
},
{
"model": "data loss prevention enforce/detection servers",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "(linux) 11.x"
},
{
"model": "data loss prevention enforce/detection servers",
"scope": "lte",
"trust": 0.8,
"vendor": "symantec",
"version": "(windows) 10.x"
},
{
"model": "data loss prevention enforce/detection servers",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "(windows) 11.x"
},
{
"model": "mail security",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "(domino) 7.5.x"
},
{
"model": "mail security",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "(domino) 8.x"
},
{
"model": "mail security",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "(exchange) 6.x"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.1"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.11"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.10"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.9"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.8"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.7"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.6"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.5"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0"
},
{
"model": "mail security for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.0.1"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.6"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.3"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.2"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.1"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.10"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.9"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.8"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.7"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.6"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.325"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.5.32"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.4.29"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.3.25"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.0.19"
},
{
"model": "mail security for domino",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.1"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0.1010.18007"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.187"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.2"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.1"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.101"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.10.9"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.1"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.3"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.6.2"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.10.38"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5"
},
{
"model": "data loss prevention endpoint agents",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.1"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0.1010.18007"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.185"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.3"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.2"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.1"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.101"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.10.8"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.1"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.228"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.5.15"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.1"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0.1010.18007"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.185"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.3"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.2"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.1"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.101"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.10.8"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.1"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "7.238"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1.5.15"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.1"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "10.0"
},
{
"model": "brightmail gateway series appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "83000"
},
{
"model": "brightmail gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0.2"
},
{
"model": "brightmail gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.2"
},
{
"model": "brightmail gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.1"
},
{
"model": "brightmail gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.0"
},
{
"model": "brightmail gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0"
},
{
"model": "brightmail and messaging gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "9.5"
},
{
"model": "host data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.2"
},
{
"model": "host data loss prevention",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "9.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.4"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.3"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.1"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "lotus notes fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "lotus notes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.6"
},
{
"model": "lotus notes fp3",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp2",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.5"
},
{
"model": "lotus notes fp1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.5.2"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.4"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.3"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "9.2"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.9"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.8"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.5"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.12"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.11"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.10"
},
{
"model": "keyview viewer sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10"
},
{
"model": "keyview idol",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.9"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.4"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.3"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "9.2"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.8"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.5"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.12"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.11"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.10"
},
{
"model": "keyview filter sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.4"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.3"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "9.2"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.9"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.8"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.5"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.12"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.10"
},
{
"model": "keyview export sdk",
"scope": "eq",
"trust": 0.3,
"vendor": "autonomy",
"version": "10"
},
{
"model": "messaging gateway",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "9.5.1"
},
{
"model": "mail security for microsoft exchange",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.5.5"
},
{
"model": "mail security for microsoft exchange",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "6.0.12"
},
{
"model": "mail security for domino",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "8.0.8"
},
{
"model": "mail security for domino",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "7.5.11"
},
{
"model": "data loss prevention endpoint agents",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "11.1"
},
{
"model": "data loss prevention endpoint agents",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.3"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "11.1"
},
{
"model": "data loss prevention detection servers for windows",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.3"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "11.1"
},
{
"model": "data loss prevention detection servers for linux",
"scope": "ne",
"trust": 0.3,
"vendor": "symantec",
"version": "10.5.3"
},
{
"model": "keyview idol",
"scope": "ne",
"trust": 0.3,
"vendor": "autonomy",
"version": "10.13.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "BID",
"id": "48013"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:mail_security:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:mail_security:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:mail_security:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:brightmail_and_messaging_gateway:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:8.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.5.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:10.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:symantec:data_loss_prevention:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0548"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Secunia",
"sources": [
{
"db": "PACKETSTORM",
"id": "102365"
},
{
"db": "PACKETSTORM",
"id": "102187"
},
{
"db": "PACKETSTORM",
"id": "101914"
},
{
"db": "PACKETSTORM",
"id": "102081"
},
{
"db": "PACKETSTORM",
"id": "115865"
}
],
"trust": 0.5
},
"cve": "CVE-2011-0548",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.0,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 7.4,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 8.6,
"id": "VU#126159",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-0548",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-48493",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0548",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#126159",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201106-004",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-48493",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding. Autonomy Provided by Autonomy KeyView IDOL Is 1000 A library that decodes the above file formats. IBM Lotus Notes , Lotus Domino , Symantec Mail Security , Hyland OnBase Used in such applications. Autonomy KeyView IDOL Contains multiple vulnerabilities in file decoding.Although the impact will vary depending on the application, service operation may be interrupted by opening a specially crafted file. (DoS) An attacker may be attacked or execute arbitrary code with user privileges. Autonomy KeyView Filter is prone to a buffer-overflow vulnerability because of a failure to properly bounds check user-supplied input. \nAn attacker can exploit this issue by enticing an unsuspecting victim to open a malicious file or email attachment. Failed exploit attempts will result in a denial-of-service condition. \nNOTE: This issue was previously discussed in BID 47962 (IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities) but has been given its own record to better document it. KeyView is a software package for exporting, converting and viewing files in various formats. \n\nFor more information:\nSA44820\n\nSOLUTION:\nDo not open documents from untrusted sources. \n\nFor more information:\nSA44820\n\nSuccessful exploitation requires the attachment content scanning\noption to be enabled. \n\nSOLUTION:\nDisable the attachment content scanning option. ----------------------------------------------------------------------\n\n\nAlerts when vulnerabilities pose a threat to your infrastructure\nThe enhanced reporting module of the Secunia Vulnerability Intelligence Manager (VIM) enables you to combine advisory and ticket information, and generate policy compliance statistics. Using your asset list preferences, customised notifications are issued as soon as a new vulnerability is discovered - a valuable tool for documenting mitigation strategies. \n\nFor more information see vulnerability #6 in:\nSA44624\n\nPlease see the vendor\u0027s advisory for the list for affected products. ----------------------------------------------------------------------\n\n\nJoin Secunia @ FIRST Conference, 12-17 June, Hilton Vienna, Austria\nSee to the presentation \"The Dynamics and Threats of End-Point Software Portfolios\" by Secunia\u0027s Research Analyst Director, Stefan Frei. \nRead more:\nhttp://conference.first.org/ \n\n\n----------------------------------------------------------------------\n\nTITLE:\nAutonomy KeyView File Processing Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA44820\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/44820/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820\n\nRELEASE DATE:\n2011-06-08\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/44820/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/44820/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Autonomy KeyView,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\n1) An error when processing Windows Write (WRI) files can be\nexploited to cause a stack-based buffer overflow. \n\n2) Some errors when processing unspecified file formats can be\nexploited to corrupt memory. No further information is currently\navailable. \n\nThe vulnerabilities are reported in versions prior to 10.13.1. \n\nSOLUTION:\nUpdate to version 10.13.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nWill Dormann and Jared Allar, CERT/CC. \n\nORIGINAL ADVISORY:\nUS-CERT (VU#126159):\nhttp://www.kb.cert.org/vuls/id/126159\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "BID",
"id": "48013"
},
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "PACKETSTORM",
"id": "102365"
},
{
"db": "PACKETSTORM",
"id": "102187"
},
{
"db": "PACKETSTORM",
"id": "101914"
},
{
"db": "PACKETSTORM",
"id": "102081"
},
{
"db": "PACKETSTORM",
"id": "115865"
}
],
"trust": 3.87
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0548",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "44779",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1025596",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1025594",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1025595",
"trust": 2.5
},
{
"db": "CERT/CC",
"id": "VU#126159",
"trust": 2.3
},
{
"db": "BID",
"id": "48013",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004",
"trust": 0.7
},
{
"db": "MCAFEE",
"id": "SB10024",
"trust": 0.4
},
{
"db": "SECUNIA",
"id": "50399",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "44877",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "44878",
"trust": 0.2
},
{
"db": "SECUNIA",
"id": "44820",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-48493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102365",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "101914",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "102081",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115865",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "BID",
"id": "48013"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "PACKETSTORM",
"id": "102365"
},
{
"db": "PACKETSTORM",
"id": "102187"
},
{
"db": "PACKETSTORM",
"id": "101914"
},
{
"db": "PACKETSTORM",
"id": "102081"
},
{
"db": "PACKETSTORM",
"id": "115865"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"id": "VAR-201107-0115",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-48493"
}
],
"trust": 0.6
},
"last_update_date": "2023-12-18T11:33:33.995000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "KeyView IDOL \u0026 Connectors",
"trust": 0.8,
"url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
},
{
"title": "Information Connectivity",
"trust": 0.8,
"url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
},
{
"title": "Autonomy Support Site",
"trust": 0.8,
"url": "https://customers.autonomy.com/"
},
{
"title": "SYM11-007",
"trust": 0.8,
"url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
},
{
"title": "SYM11-007",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1025594"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1025595"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1025596"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/44779"
},
{
"trust": 1.5,
"url": "http://www.kb.cert.org/vuls/id/126159"
},
{
"trust": 1.0,
"url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
},
{
"trust": 1.0,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110531_00"
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html"
},
{
"trust": 0.8,
"url": "http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html"
},
{
"trust": 0.8,
"url": "https://customers.autonomy.com"
},
{
"trust": 0.8,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20111006_00"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu126159"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0548"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0548"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/48013"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.5,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.5,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.5,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.4,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10024"
},
{
"trust": 0.4,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/software/lotus/products/notes/"
},
{
"trust": 0.3,
"url": "http://www.autonomy.com/content/products/keyview/index.en.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21500034"
},
{
"trust": 0.3,
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=913"
},
{
"trust": 0.3,
"url": "http://conference.first.org/"
},
{
"trust": 0.1,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2011\u0026amp;suid=20110531_00"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44877/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44877/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44877"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44878"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44878/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44878/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44779"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44779/"
},
{
"trust": 0.1,
"url": "http://www.youtube.com/user/secunia#p/a/u/0/m1y9sjqr2sy"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44779/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44820/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44820/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44820"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50399/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50399"
},
{
"trust": 0.1,
"url": "http://secunia.com/csi6beta"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/50399/#comments"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "BID",
"id": "48013"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "PACKETSTORM",
"id": "102365"
},
{
"db": "PACKETSTORM",
"id": "102187"
},
{
"db": "PACKETSTORM",
"id": "101914"
},
{
"db": "PACKETSTORM",
"id": "102081"
},
{
"db": "PACKETSTORM",
"id": "115865"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#126159"
},
{
"db": "VULHUB",
"id": "VHN-48493"
},
{
"db": "BID",
"id": "48013"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"db": "PACKETSTORM",
"id": "102365"
},
{
"db": "PACKETSTORM",
"id": "102187"
},
{
"db": "PACKETSTORM",
"id": "101914"
},
{
"db": "PACKETSTORM",
"id": "102081"
},
{
"db": "PACKETSTORM",
"id": "115865"
},
{
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-06-07T00:00:00",
"db": "CERT/CC",
"id": "VU#126159"
},
{
"date": "2011-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-48493"
},
{
"date": "2011-05-24T00:00:00",
"db": "BID",
"id": "48013"
},
{
"date": "2011-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"date": "2011-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"date": "2011-06-17T04:44:22",
"db": "PACKETSTORM",
"id": "102365"
},
{
"date": "2011-06-12T08:47:41",
"db": "PACKETSTORM",
"id": "102187"
},
{
"date": "2011-06-01T04:21:47",
"db": "PACKETSTORM",
"id": "101914"
},
{
"date": "2011-06-08T02:09:27",
"db": "PACKETSTORM",
"id": "102081"
},
{
"date": "2012-08-24T05:43:31",
"db": "PACKETSTORM",
"id": "115865"
},
{
"date": "2011-07-18T22:55:00.860000",
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"date": "2011-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-06-04T00:00:00",
"db": "CERT/CC",
"id": "VU#126159"
},
{
"date": "2013-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-48493"
},
{
"date": "2015-03-19T08:17:00",
"db": "BID",
"id": "48013"
},
{
"date": "2011-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001718"
},
{
"date": "2011-07-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-001933"
},
{
"date": "2013-02-07T04:41:04.423000",
"db": "NVD",
"id": "CVE-2011-0548"
},
{
"date": "2011-07-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers",
"sources": [
{
"db": "CERT/CC",
"id": "VU#126159"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201106-004"
}
],
"trust": 0.6
}
}