Vulnerabilities > Proofpoint > Insider Threat Management Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-27 CVE-2023-35998 Missing Authorization vulnerability in Proofpoint Insider Threat Management Server
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects.
low complexity
proofpoint CWE-862
4.6
4.6
2023-06-27 CVE-2023-36000 Missing Authorization vulnerability in Proofpoint Insider Threat Management Server
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information.
low complexity
proofpoint CWE-862
6.5
6.5
2023-06-27 CVE-2023-36002 Missing Authorization vulnerability in Proofpoint Insider Threat Management Server
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups.
low complexity
proofpoint CWE-862
4.3
4.3
2021-10-13 CVE-2021-40843 Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. 		6.9
6.9
2021-01-06 CVE-2020-10657 Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature.
network
low complexity
proofpoint CWE-502
6.5
6.5