cvedb.io
CVE-2024-3676
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-05-14T19:15:12.970 · Last modified 2026-06-17T07:44:47.573

Summary

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.  These accounts are able to send spoofed email to any users within the domains configured by the Administrator.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.