CVE-2022-46333

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope.  This affects all versions 8.19.0 and below.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ProofpointCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
proofpointenterprise_protection
𝑥
≤ 8.19.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003