MEDIUM · 4.3

CVE-2023-2819

Vulnerability Description

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary JavaScript code execution in an admin context. All versions prior to 5.10.0 are affected.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

Affected Products

Vendor: Proofpoint
Product: Threat Response Auto Pull
Versions: < 5.10.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-2819?

CVE-2023-2819 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response / Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to r...

How severe is CVE-2023-2819?

CVE-2023-2819 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-2819?

Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Threat Response Auto Pull.