7.5

CVE-2023-4801

EPSS 0.08%
Veröffentlicht 13.09.2023 16:15:10
Zuletzt bearbeitet 21.11.2024 08:35:59
Quelle security@proofpoint.com
CVE-Watchlists
Login
Unerledigt
Login

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Proofpoint ≫ Insider Threat Management SwPlatformmacos Version < 7.14.3.69

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.25

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
security@proofpoint.com	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006

Broken Link

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0006

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4801

EUVD