CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36000 – ITM Server Missing Authorization for Agent Config
https://notcve.org/view.php?id=CVE-2023-36000
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005 • CWE-862: Missing Authorization •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35998 – ITM Server Missing Authorization in SOAP Endpoints
https://notcve.org/view.php?id=CVE-2023-35998
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2818 – ITM Windows Agent Insecure Filesystem Permissions
https://notcve.org/view.php?id=CVE-2023-2818
An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25294
https://notcve.org/view.php?id=CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40842
https://notcve.org/view.php?id=CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. Proofpoint Insider Threat Management Server contiene una vulnerabilidad de inyección SQL en la consola web. • https://www.proofpoint.com/us/security/security-advisories https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •