Vulnerabilities > CVE-2023-36002 - Missing Authorization vulnerability in Proofpoint Insider Threat Management Server

CVSS 4.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

low complexity

proofpoint

CWE-862

NVD

Published: 2023-06-27

Updated: 2023-07-06

Summary

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.

Vulnerable Configurations

Part	Description	Count
Application	Proofpoint Proofpoint Insider Threat Management Server - Proofpoint Insider Threat Management Server 7.9.1 Proofpoint Insider Threat Management Server 7.10.0 Proofpoint Insider Threat Management Server 7.10.1 Proofpoint Insider Threat Management Server 7.11.0 Proofpoint Insider Threat Management Server 7.11.1 Proofpoint Insider Threat Management Server 7.11.2 Proofpoint Insider Threat Management Server 7.12.0 Proofpoint Insider Threat Management Server 7.12.1	9

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References