CVE-2023-0090

Name of the Vulnerable Software and Affected Versions Proofpoint Enterprise Protection (PPS/POD) versions 8.20.0 and below

Description The webservices in Proofpoint Enterprise Protection contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration.

Recommendations For versions 8.20.0 and below, consider restricting access to the webservices API to minimize the risk of exploitation. As a temporary workaround, consider disabling the eval injection functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.