CVE-2024-0862

{"id": "CVE-2024-0862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@proofpoint.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}]}, "published": "2024-05-14T19:15:08.413", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0001", "source": "security@proofpoint.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@proofpoint.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains a Server-Side Request Forgery vulnerability that allows an authenticated user to relay HTTP requests from the Protection server to otherwise private network addresses."}, {"lang": "es", "value": "El endpoint de Proofpoint Encryption de Proofpoint Enterprise Protection contiene una vulnerabilidad de Server Side Request Forgery que permite a un usuario autenticado transmitir solicitudes HTTP desde el servidor de Protection a direcciones de red que de otro modo ser\u00edan privadas."}], "lastModified": "2024-05-14T19:17:55.627", "sourceIdentifier": "security@proofpoint.com"}