{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3676","assignerOrgId":"d83a79dd-e128-4b83-8b64-84faf54eed46","state":"PUBLISHED","assignerShortName":"Proofpoint","dateReserved":"2024-04-11T20:00:59.260Z","datePublished":"2024-05-14T19:07:19.420Z","dateUpdated":"2024-08-01T20:19:59.948Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Enterprise Protection","vendor":"Proofpoint","versions":[{"changes":[{"at":"patch 4868","status":"unaffected"}],"lessThan":"patch 4868","status":"affected","version":"8.18.6","versionType":"semver"},{"changes":[{"at":"patch 4869","status":"unaffected"}],"lessThan":"patch 4869","status":"affected","version":"8.20.0","versionType":"semver"},{"changes":[{"at":"patch 4870","status":"unaffected"}],"lessThan":"patch 4870","status":"affected","version":"8.20.2","versionType":"semver"},{"changes":[{"at":"patch 4871","status":"unaffected"}],"lessThan":"patch 4871","status":"affected","version":"8.20.4","versionType":"semver"},{"changes":[{"at":"patch 4872","status":"unaffected"}],"lessThan":"patch 4871","status":"affected","version":"8.21.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator."}],"value":"The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"d83a79dd-e128-4b83-8b64-84faf54eed46","shortName":"Proofpoint","dateUpdated":"2024-05-14T19:07:19.420Z"},"references":[{"url":"https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-3676","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-15T17:49:37.326859Z"}}}],"affected":[{"cpes":["cpe:2.3:a:proofpoint:enterprise_protection:8.18.6:*:*:*:*:*:*:*"],"vendor":"proofpoint","product":"enterprise_protection","versions":[{"status":"affected","version":"8.18.6","lessThan":"patch_4868","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:proofpoint:enterprise_protection:8.20.0:-:*:*:*:*:*:*"],"vendor":"proofpoint","product":"enterprise_protection","versions":[{"status":"affected","version":"8.20.0","lessThan":"patch_4869 ","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:proofpoint:enterprise_protection:8.20.2:*:*:*:*:*:*:*"],"vendor":"proofpoint","product":"enterprise_protection","versions":[{"status":"affected","version":"8.20.2","lessThan":"patch_4870","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:prootpoint:enterprise_protection:8.20.4:*:*:*:*:*:*:*"],"vendor":"prootpoint","product":"enterprise_protection","versions":[{"status":"affected","version":"8.20.4","lessThan":"patch_4871","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:a:prootpoint:enterprise_protection:8.21.0:*:*:*:*:*:*:*"],"vendor":"prootpoint","product":"enterprise_protection","versions":[{"status":"affected","version":"8.21.0","lessThan":"patch_4872","versionType":"custom"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:31:16.298Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:19:59.948Z"},"title":"CVE Program Container","references":[{"url":"https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002","tags":["x_transferred"]}]}]}}