CVE-2024-10635 | THREATINT

Description

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.

PUBLISHED Reserved 2024-10-31 | Published 2025-04-28 | Updated 2025-10-06 | Assigner Proofpoint

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status

affected

8.18.6 (semver) before patch 5110

affected

8.20.6 (semver) before patch 5134

affected

8.21.0 (semver) before patch 5112

affected

References

www.proofpoint.com/.../security-advisories/pfpt-sa-2025-0002

cve.org (CVE-2024-10635)

nvd.nist.gov (CVE-2024-10635)

Download JSON