CVE-2024-10635
April 28, 2025, 9:15 p.m.
6.1
Medium
Description
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | proofpoint | enterprise_protection | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- Scope: CHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Timeline
Published: April 28, 2025, 9:15 p.m.
Last Modified: April 28, 2025, 9:15 p.m.
Last Modified: April 28, 2025, 9:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@proofpoint.com
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.