Vulnerabilities > Proofpoint > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-06 | CVE-2021-22158 | XXE vulnerability in Proofpoint Insider Threat Management The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. | 7.2 |
2021-01-26 | CVE-2021-22159 | Missing Authentication for Critical Function vulnerability in Proofpoint Insider Threat Management Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. | 7.8 |
2021-01-06 | CVE-2020-8884 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes. | 8.8 |
2021-01-06 | CVE-2020-10657 | Deserialization of Untrusted Data vulnerability in Proofpoint Insider Threat Management Server The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. | 7.2 |
2020-01-13 | CVE-2019-19680 | Unspecified vulnerability in Proofpoint Enterprise Protection A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email. | 8.8 |