Vulnerability Description
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Enterprise Protection | <= 8.9.22 |
References
- https://www.proofpoint.com/us/security/cve-2019-19680Vendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0001Vendor Advisory
- https://www.proofpoint.com/us/security/cve-2019-19680Vendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0001Vendor Advisory
FAQ
What is CVE-2019-19680?
CVE-2019-19680 is a vulnerability with a CVSS score of 8.8 (HIGH). A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection...
How severe is CVE-2019-19680?
CVE-2019-19680 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19680?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Enterprise Protection.