Vulnerabilities > Proofpoint > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-06 CVE-2021-22158 XXE vulnerability in Proofpoint Insider Threat Management
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console.
network
low complexity
proofpoint CWE-611
7.2
2021-01-26 CVE-2021-22159 Missing Authentication for Critical Function vulnerability in Proofpoint Insider Threat Management
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user.
local
low complexity
proofpoint CWE-306
7.8
2021-01-06 CVE-2020-8884 Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management
rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.
network
low complexity
proofpoint CWE-502
8.8
2021-01-06 CVE-2020-10657 Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature.
network
low complexity
proofpoint CWE-502
7.2
2020-01-13 CVE-2019-19680 Unspecified vulnerability in Proofpoint Enterprise Protection
A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email.
network
low complexity
proofpoint
8.8