NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2024-10635 | Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. | 6.1 | 0.25% | 2025-04-28 | 2026-06-17 |
| CVE-2024-3676 | The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These accounts are able to send spoofed email to any users within the domains configured by the Administrator. | 7.5 | 0.36% | 2024-05-14 | 2026-06-17 |
| CVE-2023-5771 | Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. | 6.1 | 0.34% | 2023-11-06 | 2026-06-17 |
| CVE-2023-4828 | An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM | 6.4 | 0.30% | 2023-09-13 | 2026-06-17 |
| CVE-2023-4801 | An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | 7.5 | 0.22% | 2023-09-13 | 2026-06-17 |
| CVE-2023-36000 | A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | 6.5 | 0.28% | 2023-06-27 | 2026-06-17 |
| CVE-2023-2820 | An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | 6.1 | 0.25% | 2023-06-14 | 2026-06-17 |
| CVE-2023-0090 | The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. | 9.8 | 0.74% | 2023-03-07 | 2026-06-17 |
| CVE-2023-0089 | The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 8.8 | 0.73% | 2023-03-07 | 2026-06-17 |
| CVE-2022-46334 | Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below. | 7.8 | 0.17% | 2022-12-21 | 2026-06-17 |
| CVE-2022-46333 | The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. | 7.2 | 1.47% | 2022-12-06 | 2026-06-17 |
| CVE-2022-46332 | The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. | 9.6 | 0.61% | 2022-12-06 | 2026-06-17 |