CVE-2019-19680

Опубликовано: 13 янв. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.

Ссылки

https://www.proofpoint.com/us/security/cve-2019-19680
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0001
Vendor Advisory
https://www.proofpoint.com/us/security/cve-2019-19680
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0001
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:lts:*:*:*

Версия до 8.9.22 (включая)

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:-:*:*:*

Версия до 8.14.2 (включая)

EPSS

Процентиль: 57%

0.00353

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-55p9-4mmc-9c74

github

больше 3 лет назад

A file-extension filtering vulnerability in ProofPoint Protection Server Email Firewall through 8.10 allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.