What is the severity of CVE-2023-5770?

CVE-2023-5770 is considered to have a high severity due to its potential for allowing unauthenticated attackers to inject malicious HTML into email messages.

How do I fix CVE-2023-5770?

To fix CVE-2023-5770, users should upgrade their Proofpoint Enterprise Protection to the latest version that addresses this vulnerability.

What versions of Proofpoint Enterprise Protection are affected by CVE-2023-5770?

CVE-2023-5770 affects Proofpoint Enterprise Protection versions 8.18.6, 8.20.0, and 8.20.2.

Is there a workaround for CVE-2023-5770 until a patch is applied?

There are no specific workarounds for CVE-2023-5770, and it is recommended to apply the patch as soon as possible.

Vulnerability/
CVE-2023-5770

medium

5.4

CWE

838

EPSS

0.044%

9/1/2024

2/8/2024

CVE-2023-5770: HTML injection in email body through email subject

First published: Tue Jan 09 2024(Updated: )

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

Credit: security@proofpoint.com

Affected Software	Affected Version	How to fix
Proofpoint Enterprise Protection	=8.18.6
Proofpoint Enterprise Protection	=8.20.0
Proofpoint Enterprise Protection	=8.20.2

Never miss a vulnerability like this again

Reference Links

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0009

Frequently Asked Questions

What is the severity of CVE-2023-5770?
CVE-2023-5770 is considered to have a high severity due to its potential for allowing unauthenticated attackers to inject malicious HTML into email messages.
How do I fix CVE-2023-5770?
To fix CVE-2023-5770, users should upgrade their Proofpoint Enterprise Protection to the latest version that addresses this vulnerability.
What versions of Proofpoint Enterprise Protection are affected by CVE-2023-5770?
CVE-2023-5770 affects Proofpoint Enterprise Protection versions 8.18.6, 8.20.0, and 8.20.2.
What type of attack does CVE-2023-5770 enable?
CVE-2023-5770 enables an unauthenticated attacker to inject improperly encoded HTML into the email body through the subject line.
Is there a workaround for CVE-2023-5770 until a patch is applied?
There are no specific workarounds for CVE-2023-5770, and it is recommended to apply the patch as soon as possible.

agent/type
agent/references
agent/weakness
agent/author
agent/description
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/proofpoint
canonical/proofpoint enterprise protection
version/proofpoint enterprise protection/8.18.6
version/proofpoint enterprise protection/8.20.0
version/proofpoint enterprise protection/8.20.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.