CVE-2023-5770 — MEDIUM (5.3)

Vulnerability Description

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Proofpoint	Enterprise Protection	8.18.6

Related Weaknesses (CWE)

CWE-838

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009Vendor Advisory
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009Vendor Advisory

FAQ

What is CVE-2023-5770?

CVE-2023-5770 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through...

How severe is CVE-2023-5770?

CVE-2023-5770 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5770?

Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Enterprise Protection.