CVE-2023-2820

MEDIUM

Proofpoint Threat Response <5.10.0 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected.

References (1)

[Vendor Advisory] https://www.proofpoint.com/security/security-advisories/pfpt-sa-2023-0003

Scores

CVSS v3 6.1

EPSS 0.0007

EPSS Percentile 20.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-668

Status published

Products (1)

proofpoint/threat_response_auto_pull < 5.10.0

Published Jun 14, 2023

Tracked Since Feb 18, 2026