The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.Referenceshttp://marc.info/?l=full-disclosure&m=107745676915297&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15280http://marc.info/?l=full-disclosure&m=107752568009182&w=2
