The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.
References
Link | Resource |
---|---|
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0001 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Proofpoint
Published: 2023-03-08T00:27:36.914Z
Updated: 2023-07-12T19:00:06.801Z
Reserved: 2023-01-05T19:17:28.968Z
Link: CVE-2023-0090
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-08T01:15:10.343
Modified: 2023-07-12T19:15:08.870
Link: CVE-2023-0090
JSON object: View
Redhat Information
No data.