Proofpoint

Insider Threat Management Server

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-8558

  • EPSS 0.1%
  • Veröffentlicht 03.11.2025 18:40:03
  • Zuletzt bearbeitet 07.11.2025 01:49:02

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the l...

6.5

CVE-2023-36000

  • EPSS 0.09%
  • Veröffentlicht 27.06.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:08

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to firs...

4.3

CVE-2023-36002

  • EPSS 0.07%
  • Veröffentlicht 27.06.2023 15:15:11
  • Zuletzt bearbeitet 21.11.2024 08:09:08

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.

4.6

CVE-2023-35998

  • EPSS 0.09%
  • Veröffentlicht 27.06.2023 15:15:10
  • Zuletzt bearbeitet 21.11.2024 08:09:08

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid a...

9.8

CVE-2021-40842

  • EPSS 0.39%
  • Veröffentlicht 13.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:24:54

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL ...

7.3

CVE-2021-40843

  • EPSS 0.03%
  • Veröffentlicht 13.10.2021 18:15:08
  • Zuletzt bearbeitet 21.11.2024 06:24:54

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server...

9.8

CVE-2020-10655

  • EPSS 6.6%
  • Veröffentlicht 06.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:46

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code wi...

9.8

CVE-2020-10656

  • EPSS 6.6%
  • Veröffentlicht 06.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:46

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbit...

7.2

CVE-2020-10657

  • EPSS 4.59%
  • Veröffentlicht 06.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:46

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in ...

9.8

CVE-2020-10658

  • EPSS 6.6%
  • Veröffentlicht 06.01.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 04:55:47

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with loc...