CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36002 – ITM Server Missing Authorization for URL validation
https://notcve.org/view.php?id=CVE-2023-36002
27 Jun 2023 — A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36000 – ITM Server Missing Authorization for Agent Config
https://notcve.org/view.php?id=CVE-2023-36000
27 Jun 2023 — A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 • CWE-862: Missing Authorization •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35998 – ITM Server Missing Authorization in SOAP Endpoints
https://notcve.org/view.php?id=CVE-2023-35998
27 Jun 2023 — A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. • https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-40842
https://notcve.org/view.php?id=CVE-2021-40842
13 Oct 2021 — Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. Proofpoint Insider Threat Management Server contiene una vulnerab... • https://www.proofpoint.com/us/security/security-advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40843
https://notcve.org/view.php?id=CVE-2021-40843
13 Oct 2021 — Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected. P... • https://www.proofpoint.com/us/security/security-advisories • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10658
https://notcve.org/view.php?id=CVE-2020-10658
06 Jan 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Proofpoint Insider Threat Management Server (anteriormente ObserveIT Server) versiones anteriores a 7.9.1, contiene una vulnerabilidad en la API WriteImage del servidor de apli... • https://www.proofpoint.com/us/blog • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10657
https://notcve.org/view.php?id=CVE-2020-10657
06 Jan 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. El Proofpoint Insider Threat Management Server (anteriormente ObserveIT Server) versiones anteriores a 7.9.1, contiene una vulner... • https://www.proofpoint.com/us/blog • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10656
https://notcve.org/view.php?id=CVE-2020-10656
06 Jan 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Proofpoint Insider Threat Management Server (anteriormente ObserveIT Server) versiones anteriores a 7.9.1, contiene una vulnerabilidad en la API WriteWindowMo... • https://www.proofpoint.com/us/blog • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-10655
https://notcve.org/view.php?id=CVE-2020-10655
06 Jan 2021 — The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization. Proofpoint Insider Threat Management Server (anteriormente ObserveIT Server) versiones anteriores a 7.9.1, contiene una vulnerabilidad en la API WriteWindowMouse del serv... • https://www.proofpoint.com/us/blog • CWE-502: Deserialization of Untrusted Data •