Vulnerabilities > CVE-2023-35998 - Missing Authorization vulnerability in Proofpoint Insider Threat Management Server

CVSS 4.6 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

low complexity

proofpoint

CWE-862

NVD

Published: 2023-06-27

Updated: 2023-07-06

Summary

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Vulnerable Configurations

Part	Description	Count
Application	Proofpoint Proofpoint Insider Threat Management Server - Proofpoint Insider Threat Management Server 7.9.1 Proofpoint Insider Threat Management Server 7.10.0 Proofpoint Insider Threat Management Server 7.10.1 Proofpoint Insider Threat Management Server 7.11.0 Proofpoint Insider Threat Management Server 7.11.1 Proofpoint Insider Threat Management Server 7.11.2 Proofpoint Insider Threat Management Server 7.12.0 Proofpoint Insider Threat Management Server 7.12.1	9

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References