ID CVE-2019-19680
Summary A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.
References
Vulnerable Configurations
  • cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:lts:*:*:*
    cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:lts:*:*:*
  • cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:-:*:*:*
    cpe:2.3:a:proofpoint:enterprise_protection:*:*:*:*:-:*:*:*
CVSS
Base: 6.8
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
Last major update 13-01-2020 - 21:21
Published 13-01-2020 - 21:15
Last modified 24-01-2020 - 14:09
Back to Top