Vulnerabilities > Proofpoint > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-4801 | Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. | 7.5 |
| 2023-03-08 | CVE-2023-0089 | Code Injection vulnerability in Proofpoint Enterprise Protection The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 8.8 |
| 2022-12-21 | CVE-2022-46334 | Improper Privilege Management vulnerability in Proofpoint Enterprise Protection Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. | 7.8 |
| 2022-12-06 | CVE-2022-46333 | Code Injection vulnerability in Proofpoint Enterprise Protection The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. | 7.2 |
| 2022-03-10 | CVE-2022-25294 | Unspecified vulnerability in Proofpoint Insider Threat Management Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. | 7.8 |
| 2021-10-13 | CVE-2021-40843 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. | 7.3 |
| 2021-10-13 | CVE-2021-34814 | Unspecified vulnerability in Proofpoint Spam Engine Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. | 7.5 |
| 2021-10-13 | CVE-2021-39304 | Unspecified vulnerability in Proofpoint Enterprise Protection 8.12.02107140000 Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. | 7.5 |
| 2021-04-06 | CVE-2021-27900 | Missing Authorization vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. | 8.1 |
| 2021-04-06 | CVE-2021-27899 | Improper Certificate Validation vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. | 7.4 |