Vulnerabilities > CVE-2023-36000 - Missing Authorization vulnerability in Proofpoint Insider Threat Management Server

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

proofpoint

CWE-862

NVD

Published: 2023-06-27

Updated: 2023-07-06

Summary

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Vulnerable Configurations

Part	Description	Count
Application	Proofpoint Proofpoint Insider Threat Management Server - Proofpoint Insider Threat Management Server 7.9.1 Proofpoint Insider Threat Management Server 7.10.0 Proofpoint Insider Threat Management Server 7.10.1 Proofpoint Insider Threat Management Server 7.11.0 Proofpoint Insider Threat Management Server 7.11.1 Proofpoint Insider Threat Management Server 7.11.2 Proofpoint Insider Threat Management Server 7.12.0 Proofpoint Insider Threat Management Server 7.12.1	9
OS	Apple Apple Macos -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References