Vulnerabilities > CVE-2020-8884 - Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
proofpoint
CWE-502

Summary

rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.

Common Weakness Enumeration (CWE)