CVE-2024-3676

{"id": "CVE-2024-3676", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@proofpoint.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-14T19:15:12.970", "references": [{"url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2024-0002", "source": "security@proofpoint.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@proofpoint.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control.\u00a0 These accounts are able to send spoofed email to any users within the domains configured by the Administrator."}], "lastModified": "2024-05-14T19:17:55.627", "sourceIdentifier": "security@proofpoint.com"}