www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf  Public Scan

Form analysis
1 forms found in the DOM

/us

<form action="/us" data-region="us" data-language="en">
  <input type="text" name="search_block_form" placeholder="Search">
  <input type="submit">
</form>

Text Content

Skip to main content
Products Solutions Partners Resources Company ContactLanguages
Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence
Proofpoint Essentials Sendmail Support Log-in
Main Menu

AEGIS THREAT PROTECTION PLATFORM

Disarm BEC, phishing, ransomware, supply chain threats and more.

SIGMA INFORMATION PROTECTION PLATFORM

Defend your data from careless, compromised and malicious users.

IDENTITY THREAT DEFENSE PLATFORM

Prevent identity risks, detect lateral movement and remediate identity threats
in real time.

INTELLIGENT COMPLIANCE PLATFORM

Reduce risk, control costs and improve data visibility to ensure compliance.

PREMIUM SERVICES

Leverage proactive expertise, operational continuity and deeper insights from
our skilled experts.


NEW THREAT PROTECTION SOLUTION BUNDLES WITH FLEXIBLE DEPLOYMENT OPTIONS

AI-powered protection against BEC, ransomware, phishing, supplier risk and more
with inline+API or MX-based deployment

Learn More


SOLUTIONS BY TOPIC

COMBAT EMAIL AND CLOUD THREATS

Protect your people from email and cloud threats with an intelligent and
holistic approach.

CHANGE USER BEHAVIOR

Help your employees identify, resist and report attacks before the damage is
done.

COMBAT DATA LOSS AND INSIDER RISK

Prevent data loss via negligent, compromised and malicious insiders by
correlating content, behavior and threats.

MODERNIZE COMPLIANCE AND ARCHIVING

Manage risk and data retention needs with a modern compliance and archiving
solution.

PROTECT CLOUD APPS

Keep your people and their cloud apps secure by eliminating threats, avoiding
data loss and mitigating compliance risk.

PREVENT LOSS FROM RANSOMWARE

Learn about this growing threat and stop attacks by securing today’s top
ransomware vector: email.

SECURE MICROSOFT 365

Implement the very best security and compliance solution for your Microsoft 365
collaboration suite.

DEFEND YOUR REMOTE WORKFORCE WITH CLOUD EDGE

Secure access to corporate resources and ensure business continuity for your
remote workers.

WHY PROOFPOINT

Today’s cyber attacks target people. Learn about our unique people-centric
approach to protection.


SOLUTIONS BY INDUSTRY

Federal Government State and Local Government Higher Education Financial
Services Healthcare Mobile Operators Internet Service Providers Small and Medium
Businesses


PARTNER PROGRAMS

CHANNEL PARTNERS

Become a channel partner. Deliver Proofpoint solutions to your customers and
grow your business.

ARCHIVE EXTRACTION PARTNERS

Learn about the benefits of becoming a Proofpoint Extraction Partner.

GLOBAL SYSTEM INTEGRATOR (GSI) AND MANAGED SERVICE PROVIDER (MSP) PARTNERS

Learn about our global consulting and services partners that deliver fully
managed and integrated solutions.

TECHNOLOGY AND ALLIANCE PARTNERS

Learn about our relationships with industry-leading firms to help protect your
people, data and brand.

SOCIAL MEDIA PROTECTION PARTNERS

Learn about the technology and alliance partners in our Social Media Protection
Partner program.

PROOFPOINT ESSENTIALS PARTNER PROGRAMS

Small Business Solutions for channel partners and MSPs.


PARTNER TOOLS

Become a Channel Partner Channel Partner Portal

RESOURCE LIBRARY

Find the information you're looking for in our library of videos, data sheets,
white papers and more.

BLOG

Keep up with the latest news and happenings in the ever‑evolving cybersecurity
landscape.

PODCASTS

Learn about the human side of cybersecurity. Episodes feature insights from
experts and executives.

NEW PERIMETERS MAGAZINE

Get the latest cybersecurity insights in your hands – featuring valuable
knowledge from our own industry experts.

THREAT GLOSSARY

Learn about the latest security threats and how to protect your people, data,
and brand.

EVENTS

Connect with us at events to learn how to protect your people and data from
ever‑evolving threats.

CUSTOMER STORIES

Read how Proofpoint customers around the globe solve their most pressing
cybersecurity challenges.

WEBINARS

Browse our webinar library to learn about the latest threats, trends and issues
in cybersecurity.

Watch now to earn your CPE credits


SECURITY HUBS

Get free research and resources to help you protect against threats, build a
security culture, and stop ransomware in its tracks.

Threat Hub
CISO Hub
Cybersecurity Awareness Hub
Ransomware Hub
Insider Threat Management Hub

ABOUT PROOFPOINT

Proofpoint is a leading cybersecurity company that protects organizations'
greatest assets and biggest risks: their people.

WHY PROOFPOINT

Today’s cyber attacks target people. Learn about our unique people-centric
approach to protection.

CAREERS

Stand out and make a difference at one of the world's leading cybersecurity
companies.

NEWS CENTER

Read the latest press releases, news stories and media highlights about
Proofpoint.

PRIVACY AND TRUST

Learn about how we handle data and make commitments to privacy and other
regulations.

ENVIRONMENTAL, SOCIAL, AND GOVERNANCE

Learn about our people-centric principles and how we implement them to
positively impact our global community.


SUPPORT

Access the full range of Proofpoint support services.

Learn More
English (Americas) English (Europe, Middle East, Africa) English (Asia-Pacific)
Español Deutsch Français Italiano Português 日本語 한국어
Products
Overview

EMAIL SECURITY AND PROTECTION

Email Protection Email Fraud Defense Secure Email Relay Threat Response
Auto-Pull Sendmail Open Source Essentials for Small Business


ADVANCED THREAT PROTECTION

Targeted Attack Protection in Email Email Isolation Threat Response Emerging
Threats Intelligence


SECURITY AWARENESS TRAINING

Assess Change Behavior Evaluate
Overview

INFORMATION PROTECTION

Enterprise Data Loss Prevention (DLP) Insider Threat Management Intelligent
Classification and Protection Endpoint Data Loss Prevention (DLP) Email Data
Loss Prevention (DLP) Email Encryption Data Discover


CLOUD SECURITY

Browser Isolation Cloud Account Defense Cloud App Security Broker Web Security
Overview

IDENTITY THREAT DETECTION AND RESPONSE

Spotlight Shadow
Overview

COMPLIANCE AND ARCHIVING

Automate Capture Patrol Track Archive Discover Supervision


DIGITAL RISK PROTECTION

Social Media Protection Domain Fraud Monitoring Executive and Location Threat
Monitoring
Overview

PREMIUM SERVICES

Managed Email Threat Protection Services Managed Information Protection Services
Managed Security Awareness Services Recurring Consultative Services Technical
Account Managers Threat Intelligence Services People-Centric Security Program
Products Solutions Partners Resources Company
English (Americas) English (Europe, Middle East, Africa) English (Asia-Pacific)
Español Deutsch Français Italiano Português 日本語 한국어
Login
Support Log-in Digital Risk Portal Email Fraud Defense ET Intelligence
Proofpoint Essentials Sendmail Support Log-in
Contact


AEGIS THREAT PROTECTION PLATFORM

Disarm BEC, phishing, ransomware, supply chain threats and more.

SIGMA INFORMATION PROTECTION PLATFORM

Defend your data from careless, compromised and malicious users.

IDENTITY THREAT DEFENSE PLATFORM

Prevent identity risks, detect lateral movement and remediate identity threats
in real time.

INTELLIGENT COMPLIANCE PLATFORM

Reduce risk, control costs and improve data visibility to ensure compliance.

PREMIUM SERVICES

Leverage proactive expertise, operational continuity and deeper insights from
our skilled experts.



Overview

EMAIL SECURITY AND PROTECTION

Email Protection Email Fraud Defense Secure Email Relay Threat Response
Auto-Pull Sendmail Open Source Essentials for Small Business


ADVANCED THREAT PROTECTION

Targeted Attack Protection in Email Email Isolation Threat Response Emerging
Threats Intelligence


SECURITY AWARENESS TRAINING

Assess Change Behavior Evaluate
Overview

INFORMATION PROTECTION

Enterprise Data Loss Prevention (DLP) Insider Threat Management Intelligent
Classification and Protection Endpoint Data Loss Prevention (DLP) Email Data
Loss Prevention (DLP) Email Encryption Data Discover


CLOUD SECURITY

Browser Isolation Cloud Account Defense Cloud App Security Broker Web Security
Overview

IDENTITY THREAT DETECTION AND RESPONSE

Spotlight Shadow
Overview

COMPLIANCE AND ARCHIVING

Automate Capture Patrol Track Archive Discover Supervision


DIGITAL RISK PROTECTION

Social Media Protection Domain Fraud Monitoring Executive and Location Threat
Monitoring
Overview

PREMIUM SERVICES

Managed Email Threat Protection Services Managed Information Protection Services
Managed Security Awareness Services Recurring Consultative Services Technical
Account Managers Threat Intelligence Services People-Centric Security Program




NEW THREAT PROTECTION SOLUTION BUNDLES WITH FLEXIBLE DEPLOYMENT OPTIONS

AI-powered protection against BEC, ransomware, phishing, supplier risk and more
with inline+API or MX-based deployment

Learn More




SOLUTIONS BY TOPIC

COMBAT EMAIL AND CLOUD THREATS

Protect your people from email and cloud threats with an intelligent and
holistic approach.

CHANGE USER BEHAVIOR

Help your employees identify, resist and report attacks before the damage is
done.

COMBAT DATA LOSS AND INSIDER RISK

Prevent data loss via negligent, compromised and malicious insiders by
correlating content, behavior and threats.

MODERNIZE COMPLIANCE AND ARCHIVING

Manage risk and data retention needs with a modern compliance and archiving
solution.

PROTECT CLOUD APPS

Keep your people and their cloud apps secure by eliminating threats, avoiding
data loss and mitigating compliance risk.

PREVENT LOSS FROM RANSOMWARE

Learn about this growing threat and stop attacks by securing today’s top
ransomware vector: email.

SECURE MICROSOFT 365

Implement the very best security and compliance solution for your Microsoft 365
collaboration suite.

DEFEND YOUR REMOTE WORKFORCE WITH CLOUD EDGE

Secure access to corporate resources and ensure business continuity for your
remote workers.

WHY PROOFPOINT

Today’s cyber attacks target people. Learn about our unique people-centric
approach to protection.


SOLUTIONS BY INDUSTRY

Federal Government State and Local Government Higher Education Financial
Services Healthcare Mobile Operators Internet Service Providers Small and Medium
Businesses


PARTNER PROGRAMS

CHANNEL PARTNERS

Become a channel partner. Deliver Proofpoint solutions to your customers and
grow your business.

ARCHIVE EXTRACTION PARTNERS

Learn about the benefits of becoming a Proofpoint Extraction Partner.

GLOBAL SYSTEM INTEGRATOR (GSI) AND MANAGED SERVICE PROVIDER (MSP) PARTNERS

Learn about our global consulting and services partners that deliver fully
managed and integrated solutions.

TECHNOLOGY AND ALLIANCE PARTNERS

Learn about our relationships with industry-leading firms to help protect your
people, data and brand.

SOCIAL MEDIA PROTECTION PARTNERS

Learn about the technology and alliance partners in our Social Media Protection
Partner program.

PROOFPOINT ESSENTIALS PARTNER PROGRAMS

Small Business Solutions for channel partners and MSPs.


PARTNER TOOLS

Become a Channel Partner Channel Partner Portal

RESOURCE LIBRARY

Find the information you're looking for in our library of videos, data sheets,
white papers and more.

BLOG

Keep up with the latest news and happenings in the ever‑evolving cybersecurity
landscape.

PODCASTS

Learn about the human side of cybersecurity. Episodes feature insights from
experts and executives.

NEW PERIMETERS MAGAZINE

Get the latest cybersecurity insights in your hands – featuring valuable
knowledge from our own industry experts.

THREAT GLOSSARY

Learn about the latest security threats and how to protect your people, data,
and brand.

EVENTS

Connect with us at events to learn how to protect your people and data from
ever‑evolving threats.

CUSTOMER STORIES

Read how Proofpoint customers around the globe solve their most pressing
cybersecurity challenges.

WEBINARS

Browse our webinar library to learn about the latest threats, trends and issues
in cybersecurity.

Watch now to earn your CPE credits


SECURITY HUBS

Get free research and resources to help you protect against threats, build a
security culture, and stop ransomware in its tracks.

Threat Hub
CISO Hub
Cybersecurity Awareness Hub
Ransomware Hub
Insider Threat Management Hub

ABOUT PROOFPOINT

Proofpoint is a leading cybersecurity company that protects organizations'
greatest assets and biggest risks: their people.

WHY PROOFPOINT

Today’s cyber attacks target people. Learn about our unique people-centric
approach to protection.

CAREERS

Stand out and make a difference at one of the world's leading cybersecurity
companies.

NEWS CENTER

Read the latest press releases, news stories and media highlights about
Proofpoint.

PRIVACY AND TRUST

Learn about how we handle data and make commitments to privacy and other
regulations.

ENVIRONMENTAL, SOCIAL, AND GOVERNANCE

Learn about our people-centric principles and how we implement them to
positively impact our global community.


SUPPORT

Access the full range of Proofpoint support services.

Learn More
Zeigen Sie weiterhin Inhalte für Ihren Standort an
United StatesUnited KingdomFranceDeutschlandEspaña日本AustraliaItaliaFortsetzen
Security
Security Advisories
Proofpoint Enterprise Protection (PPS/PoD) perl eval() arbitrary command
execution


PROOFPOINT ENTERPRISE PROTECTION (PPS/POD) PERL EVAL() ARBITRARY COMMAND
EXECUTION


PROOFPOINT ENTERPRISE PROTECTION (PPS/POD) PERL EVAL() ARBITRARY COMMAND
EXECUTION, CVE-2022-46333

Advisory ID: PFPT-SA-2022-0003

The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains
a command injection vulnerability that enables an admin to execute commands
beyond their allowed scope.

This affects all versions 8.19.0 and below.


VULNERABILITY INFORMATION

This vulnerability is identified by CVE-2022-46333. Proofpoint has released
patches to address this issue.  If you are running an end of life version,
please upgrade to a fully supported version as soon as possible.

This vulnerability has been assigned a CVSS score of 7.2:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H


FIXED SOFTWARE

Proofpoint has released the following patches:

8.19.0 patch 4546
8.18.6 patch 4545
8.18.4 patch 4544
8.13.22 patch 4543

The patches are now available through the customer support portal.


PROOFPOINT ON-DEMAND CUSTOMERS

No action is required. Applicable fixes have already been deployed by
Proofpoint.


PROOFPOINT ON-PREMISES CUSTOMERS

If you are running a supported version that is configured to deploy releases
automatically, no action is required.  Applicable fixes have been automatically
deployed.

For on-premise environments that are configured to manually apply releases,
install the applicable release as noted above.

If you are running an end of life release please upgrade to a supported release
as soon as possible.

For any questions or concerns please contact Proofpoint Support.


ACKNOWLEDGMENTS

Thanks to ly1g3 for their co-ordinated disclosure of this issue.


URL

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0003


REVISION HISTORY

Version Description Section Date 1.0 Initial Release   December 6, 2022


LEGAL DISCLAIMER

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS
LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. PROOFPOINT RESERVES THE RIGHT TO
CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the
distribution URL is an uncontrolled copy and may lack important information or
contain factual errors. The information in this document is intended for
authorized subscribers to Proofpoint products and services.


QUESTIONS OR COMMENTS?

Open a Support call or contact Support via your hotline phone number. Further
updates will be posted as needed.


ABOUT

 * Overview
 * Why Proofpoint
 * Careers
 * Leadership Team
 * News Center
 * Nexus Platform
 * Privacy and Trust


THREAT CENTER

 * Threat Hub
 * Cybersecurity Awareness Hub
 * Ransomware Hub
 * Threat Glossary
 * Threat Blog
 * Daily Ruleset


PRODUCTS

 * Email Security & Protection
 * Advanced Threat Protection
 * Security Awareness Training
 * Cloud Security
 * Archive & Compliance
 * Information Protection
 * Digital Risk Protection
 * Product Bundles


RESOURCES

 * White Papers
 * Webinars
 * Data Sheets
 * Events
 * Customer Stories
 * Blog
 * Free Trial


CONNECT

 * +1-408-517-4710
 * Contact Us
 * Office Locations
 * Request a Demo


SUPPORT

 * Support Login
 * Support Services
 * IP Address Blocked?

 * Facebook
 * Twitter
 * linkedin
 * Youtube

 * English (US)
 * English (UK)
 * English (AU)
 * Español
 * Deutsch
 * Français
 * Italiano
 * Português
 * 日本語
 * 한국어

© 2023. All rights reserved. Terms and conditions Privacy Policy Sitemap