CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4828 – ITM Server Communications Hijack
https://notcve.org/view.php?id=CVE-2023-4828
13 Sep 2023 — An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An ... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0008 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4803 – ITM Server Cross-site Scripting in WriteWindowTitle Endpoint
https://notcve.org/view.php?id=CVE-2023-4803
13 Sep 2023 — A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. Un administrador autenticado podría utilizar una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el endpoint WriteWindowTitle de la consola web del servidor Insider Threat Management (ITM)... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4802 – ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint
https://notcve.org/view.php?id=CVE-2023-4802
13 Sep 2023 — A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. Un administrador autenticado podría utilizar una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el endpoint UpdateInstalledSoftware de la consola web del servidor Insider Threat Ma... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4801 – ITM MacOS Agent Improper Certificate Validation
https://notcve.org/view.php?id=CVE-2023-4801
13 Sep 2023 — An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. Un actor anónimo en una red adyacente podría utilizar una vulnerabilidad de validación de certificación inadecuada en el agente Insider T... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0006 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2818 – ITM Windows Agent Insecure Filesystem Permissions
https://notcve.org/view.php?id=CVE-2023-2818
27 Jun 2023 — An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25294
https://notcve.org/view.php?id=CVE-2022-25294
07 Mar 2022 — Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2022-0001 •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-27900
https://notcve.org/view.php?id=CVE-2021-27900
06 Apr 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. El Servidor Proofpoint Insider Threat Management (anteriormente ObserveIT Server) presenta una falta de verificación de autorización en varias páginas de la consola web. Esto permite que un usuario de solo lectura cambi... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0005 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22158
https://notcve.org/view.php?id=CVE-2021-22158
06 Apr 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. El Servidor Proofpoint Insider Threat Management (anteriormente ObserveIT Server) es vulnerable a una XML external entity (XXE) en la consola web. La vulnerabilidad requiere privilegios de usuario a... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-27899
https://notcve.org/view.php?id=CVE-2021-27899
06 Apr 2021 — The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. Los Agentes Proofpoint Insider Threat Management (anteriormente ObserveIT Agent) para MacOS y Linux llevan a cabo una comprobación inapropiada del certificado... • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0004 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22157
https://notcve.org/view.php?id=CVE-2021-22157
06 Apr 2021 — Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. Proofpoint Insider Threat Management Server (anteriormente ObserveIT Server) versiones anteriores a 7.11.1, permite un ataque de tipo XSS almacenado • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •