7.3

CVE-2021-40843

EPSS 0.03%
Veröffentlicht 13.10.2021 18:15:08
Zuletzt bearbeitet 21.11.2024 06:24:54
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Proofpoint ≫ Insider Threat Management Server Version < 7.11.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	1.3	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://www.proofpoint.com/us/security/security-advisories

Vendor Advisory

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40843

EUVD