An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.
References
Link | Resource |
---|---|
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0003 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Proofpoint
Published: 2023-06-14T21:26:31.248Z
Updated: 2023-06-16T20:24:43.802Z
Reserved: 2023-05-19T21:09:14.480Z
Link: CVE-2023-2820
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-14T22:15:09.273
Modified: 2023-06-28T19:26:01.313
Link: CVE-2023-2820
JSON object: View
Redhat Information
No data.