Vulnerabilities > Proofpoint > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-4801 | Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. | 7.5 |
| 2023-03-08 | CVE-2023-0089 | Code Injection vulnerability in Proofpoint Enterprise Protection The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 8.8 |
| 2022-12-21 | CVE-2022-46334 | Improper Privilege Management vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. | 7.8 |
| 2022-12-06 | CVE-2022-46333 | Code Injection vulnerability in Proofpoint Enterprise Protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. | 7.2 |
| 2022-03-10 | CVE-2022-25294 | Unspecified vulnerability in Proofpoint Insider Threat Management Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. | 7.2 |
| 2021-10-13 | CVE-2021-40842 | SQL Injection vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. | 7.5 |
| 2021-01-26 | CVE-2021-22159 | Improper Privilege Management vulnerability in Proofpoint Insider Threat Management Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. | 7.2 |
| 2021-01-06 | CVE-2020-10658 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. | 7.5 |
| 2021-01-06 | CVE-2020-10656 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. | 7.5 |
| 2021-01-06 | CVE-2020-10655 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. | 7.5 |