CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25294
https://notcve.org/view.php?id=CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40842
https://notcve.org/view.php?id=CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. Proofpoint Insider Threat Management Server contiene una vulnerabilidad de inyección SQL en la consola web. • https://www.proofpoint.com/us/security/security-advisories https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40843
https://notcve.org/view.php?id=CVE-2021-40843
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected. Proofpoint Insider Threat Management Server contiene una vulnerabilidad de deserialización no segura en la consola web. • https://www.proofpoint.com/us/security/security-advisories https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39304
https://notcve.org/view.php?id=CVE-2021-39304
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. Proofpoint Enterprise Protection versiones anteriores a 8.12.0-2108090000 permite una omisión del control de seguridad • https://www.proofpoint.com/us/blog https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0007 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34814
https://notcve.org/view.php?id=CVE-2021-34814
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. Proofpoint Spam Engine versiones anteriores a 8.12.0-2106240000 presenta una Omisión de Control de Seguridad • https://www.proofpoint.com/us/security/security-advisories https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0010 •