Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10635

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.

Published

2025-04-28T21:15:56.427

Last Modified

2025-10-06T21:15:32.307

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-754
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	proofpoint	enterprise_protection	8.18.6	Yes
Application	proofpoint	enterprise_protection	8.20.6	Yes
Application	proofpoint	enterprise_protection	8.21.0	Yes

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002 Vendor Advisory ([email protected])