PT-2024-14830 · Proofpoint · Proofpoint Enterprise Protection
Published: 2024-01-09 · Updated: 2024-01-18 · CVE-2023-5770
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Proofpoint Enterprise Protection versions prior to 8.20.2 patch 4809
Proofpoint Enterprise Protection versions prior to 8.20.0 patch 4805
Proofpoint Enterprise Protection versions prior to 8.18.6 patch 4804
Proofpoint Enterprise Protection versions prior to 8.18.6
Description
The issue is caused by inappropriate encoding when rewriting the email before delivery, allowing an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject.
Recommendations
For versions prior to 8.20.2, apply patch 4809 to resolve the issue.
For versions prior to 8.20.0, apply patch 4805 to resolve the issue.
For versions prior to 8.18.6, apply patch 4804 to resolve the issue.
As a temporary workaround, consider restricting the email delivery agent to minimize the risk of exploitation.
Affected Products
Proofpoint Enterprise Protection