Scott Miles

**Name of the Vulnerable Software and Affected Versions** Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, 6.2.0 **Description** The issue allows remote attackers to bypass authentication in the mail-filter web interface via unspecified vectors. **Recommendations** For Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier, update to a version later than 6.2.0.237 to resolve the issue. For Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, 6.2.0, update to a version later than 6.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 **Description** A directory traversal issue exists in the web interface, allowing remote attackers to read arbitrary files via unspecified vectors. **Recommendations** For Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier, update to a version later than 6.2.0.237 to resolve the issue. For Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0, update to a version later than 6.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier Proofpoint Protection Server versions 6.2.0, 6.1.1, 6.0.2, 5.5.5, 5.5.4, 5.5.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier, update to a version later than 6.2.0.237. For Proofpoint Protection Server versions 6.2.0, 6.1.1, 6.0.2, 5.5.5, 5.5.4, 5.5.3 and earlier, update to a version later than 6.2.0.

**Name of the Vulnerable Software and Affected Versions** Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 **Description** The issue is related to a command injection problem, allowing remote attackers to execute arbitrary commands via unknown vectors. **Recommendations** For Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier, update to a version later than 6.2.0.237 to resolve the issue. For Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0, update to a version later than 6.2.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 **Description** The issue allows remote attackers to hijack the authentication of administrators via unknown vectors due to multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules. **Recommendations** For Proofpoint Messaging Security Gateway versions 6.2.0.263 through 6.2.0.237 and earlier, update to a version later than 6.2.0.237 to resolve the issue. For Proofpoint Protection Server versions 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0, update to a version later than 6.2.0 to resolve the issue.