Lucene search
ProofpointCVELIST:CVE-2023-0089HistoryMar 08, 2023 - 12:27 a.m.
CVE-2023-0089 Proofpoint Enterprise Protection webutils authenticated RCE
2023-03-0800:27:25
CWE-95
Proofpoint
www.cve.org
4
proofpoint
enterprise protection
webutils
authenticated
rce
vulnerability
versions 8.20.0
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
44.9%
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through ‘eval injection’.
This affects all versions 8.20.0 and below.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "enterprise_protection",
"vendor": "proofpoint",
"versions": [
{
"changes": [
{
"at": "8.20.0 patch 4570",
"status": "unaffected"
},
{
"at": "8.18.6 patch 4568",
"status": "unaffected"
},
{
"at": "8.18.4 patch 4567",
"status": "unaffected"
},
{
"at": "8.13.22 patch 4566",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.20.0",
"status": "affected",
"version": "8.*",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-0089
2023-03-08 01:15:10
nvd
nvd
CVE-2023-0089
2023-03-08 01:15:10
prion
prion
Remote code execution
2023-03-08 01:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
44.9%
Related for CVELIST:CVE-2023-0089