CVE-2022-46333

EUVD-2022-49150
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope.  This affects all versions 8.19.0 and below.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ProofpointCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
proofpointenterprise_protection
𝑥
≤ 8.19.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003
https://www.proofpoint.com/security/security-advisories/pfpt-sa-2022-0003