CVE-2023-0090

CVSS V2 None CVSS V3 None
Description
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.
Overview
  • CVE ID
  • CVE-2023-0090
  • Assigner
  • security@proofpoint.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-08T01:15:10
  • Last Modified Date
  • 2023-03-15T13:47:42
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:* 1 OR 8.13.22
cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:*:*:*:* 1 OR 8.18.0 8.18.4
cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:*:*:*:*:*:*:* 1 OR
References
History
Created Old Value New Value Data Type Notes
2023-04-17 06:07:18 Added to TrackCVE
2023-04-17 06:07:21 Weakness Enumeration new