CVE-2024-10635: Enterprise Protection S/MIME Opaque Signature Attachment Scanning Bypass
Description
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.
Classification
CVE ID: CVE-2024-10635
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Problem Types
CWE-20 Improper Input ValidationAffected Products
Vendor: Proofpoint
Product: Enterprise Protection
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.47% (scored less or equal to compared to others)
EPSS Date: 2025-05-27 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-10635https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2025-0002