CVE-2020-14009

Опубликовано: 07 мая 2021

Источник: nvd

CVSS3: 6.3

CVSS2: 6.8

EPSS Низкий

Описание

Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.

Ссылки

https://www.proofpoint.com/us/security/security-advisories
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0006
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories
Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0006
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:-:*:*:*

Версия до 8.13.16 (исключая)

cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:-:*:*:*

Версия от 8.14.0 (включая) до 8.16.4 (исключая)

EPSS

Процентиль: 25%

0.00089

Низкий

6.3 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

GHSA-8vj5-xmhg-p7f6

github

больше 3 лет назад

Proofpoint Enterprise Protection (PPS/PoD) before 8.17.0 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipart structures are not properly handled.