Vulnerabilities > Proofpoint > Insider Threat Management Server

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-06-27 | CVE-2023-35998 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server | A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. | low complexity, proofpoint, CWE-862, 4.6 |
| 2023-06-27 | CVE-2023-36000 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server | A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. | low complexity, proofpoint, CWE-862, 6.5 |
| 2023-06-27 | CVE-2023-36002 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server | A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. | low complexity, proofpoint, CWE-862, 4.3 |
| 2021-10-13 | CVE-2021-40842 | SQL Injection vulnerability in Proofpoint Insider Threat Management Server | Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. | network, low complexity, proofpoint, CWE-89, critical, 9.8 |
| 2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server | Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | local, low complexity, proofpoint, CWE-502, 7.3 |
| 2021-01-06 | CVE-2020-10658 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. | network, low complexity, proofpoint, CWE-502, critical, 9.8 |
| 2021-01-06 | CVE-2020-10657 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. | network, low complexity, proofpoint, CWE-502, 7.2 |
| 2021-01-06 | CVE-2020-10656 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. | network, low complexity, proofpoint, CWE-502, critical, 9.8 |
| 2021-01-06 | CVE-2020-10655 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. | network, low complexity, proofpoint, CWE-502, critical, 9.8 |