CVE-2023-5770

MEDIUM
Published Jan 9, 2024 Modified Nov 21, 2024 CWE-838

Description

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

CVSS v3.1 Score

5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-838 CWE-838

Affected Products

Vendor Product
proofpoint enterprise_protection
proofpoint enterprise_protection
proofpoint enterprise_protection

References

Frequently Asked Questions

What is CVE-2023-5770? +
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions. It has a CVSS v3.1 base score of 5.3 (MEDIUM).
How severe is CVE-2023-5770? +
CVE-2023-5770 has a CVSS v3.1 score of 5.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2023-5770? +
CVE-2023-5770 affects products from proofpoint, specifically: enterprise_protection. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-5770? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-5770 — free, no signup required.

Start Free Scan