CVE-2024-0862 MEDIUM

CVE-2024-0862

Vendor Proofpoint
Product Enterprise Protection
Weakness CWE-918 · SSRF
Published May 14, 2024
Last update August 20, 2024
View on NVD All CVEs

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
August 20, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-59837 astro allows bypass of image proxy domain validation leading to SSRF and potential XSS CVE-2025-1521 PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability CVE-2026-45061 Budibase: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload (`/api/plugin`) CVE-2023-6964 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) CVE-2025-24701 WordPress Chained Quiz Plugin <= 1.3.2.9 - Server Side Request Forgery (SSRF) vulnerability