Vulnerabilities > Proofpoint > Insider Threat Management Server
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-27 | CVE-2023-35998 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. | 4.6 |
2023-06-27 | CVE-2023-36000 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. | 6.5 |
2023-06-27 | CVE-2023-36002 | Missing Authorization vulnerability in Proofpoint Insider Threat Management Server A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. | 4.3 |
2021-10-13 | CVE-2021-40842 | SQL Injection vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. | 9.8 |
2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | 7.3 |
2021-01-06 | CVE-2020-10658 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. | 9.8 |
2021-01-06 | CVE-2020-10657 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. | 7.2 |
2021-01-06 | CVE-2020-10656 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. | 9.8 |
2021-01-06 | CVE-2020-10655 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. | 9.8 |