Vulnerabilities > Proofpoint

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-25294 Unspecified vulnerability in Proofpoint Insider Threat Management
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges.
local
low complexity
proofpoint
7.2
2021-10-13 CVE-2021-40842 SQL Injection vulnerability in Proofpoint Insider Threat Management Server
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console.
network
low complexity
proofpoint CWE-89
7.5
2021-10-13 CVE-2021-40843 Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console.
6.9
2021-10-13 CVE-2021-34814 Unspecified vulnerability in Proofpoint Spam Engine
Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.
network
low complexity
proofpoint
5.0
2021-10-13 CVE-2021-39304 Unspecified vulnerability in Proofpoint Enterprise Protection 8.12.02107140000
Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.
network
low complexity
proofpoint
5.0
2021-05-07 CVE-2020-14009 Improper Validation of Integrity Check Value vulnerability in Proofpoint Enterprise Protection 8.14.2
Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules.
6.8
2021-04-06 CVE-2021-27900 Missing Authorization vulnerability in Proofpoint Insider Threat Management
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console.
network
low complexity
proofpoint CWE-862
5.5
2021-04-06 CVE-2021-27899 Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management
The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack.
5.8
2021-04-06 CVE-2021-22158 XXE vulnerability in Proofpoint Insider Threat Management
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console.
network
low complexity
proofpoint CWE-611
6.5
2021-04-06 CVE-2021-22157 Cross-site Scripting vulnerability in Proofpoint Insider Threat Management
Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.
network
proofpoint CWE-79
4.3