Proofpoint Insider Threat Management Server vulnerabilities
10 known vulnerabilities affecting proofpoint/insider_threat_management_server.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2021-40842P2CRITICALCVSS 9.8fixed in 7.11.2v7.12.02021-10-13
CVE-2021-40842 [CRITICAL] CWE-89 CVE-2021-40842: Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Consol
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL s
nvd
CVE-2020-10658P2CRITICALCVSS 9.8fixed in 7.9.12021-01-06
CVE-2020-10658 [CRITICAL] CWE-502 CVE-2020-10658: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
nvd
CVE-2020-10655P2CRITICALCVSS 9.8fixed in 7.9.12021-01-06
CVE-2020-10655 [CRITICAL] CWE-502 CVE-2020-10655: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouse API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
nvd
CVE-2020-10656P2CRITICALCVSS 9.8fixed in 7.9.12021-01-06
CVE-2020-10656 [CRITICAL] CWE-502 CVE-2020-10656: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserializati
nvd
CVE-2020-10657P3HIGHCVSS 7.2fixed in 7.9.12021-01-06
CVE-2020-10657 [HIGH] CWE-502 CVE-2020-10657: The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused
nvd
CVE-2021-40843P3HIGHCVSS 7.3fixed in 7.11.22021-10-13
CVE-2021-40843 [HIGH] CWE-502 CVE-2021-40843: Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerabilit
nvd
CVE-2023-36000P4MEDIUMCVSS 6.5fixed in 7.14.32023-06-27
CVE-2023-36000 [MEDIUM] CWE-862 CVE-2023-36000: A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Manage
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
nvd
CVE-2025-8558P4MEDIUMCVSS 5.4fixed in 7.17.22025-11-03
CVE-2025-8558 [MEDIUM] CWE-306 CVE-2025-8558: Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vul
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agen
nvd
CVE-2023-35998P4MEDIUMCVSS 4.6fixed in 7.14.32023-06-27
CVE-2023-35998 [MEDIUM] CWE-862 CVE-2023-35998: A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server ena
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
nvd
CVE-2023-36002P4MEDIUMCVSS 4.3fixed in 7.14.32023-06-27
CVE-2023-36002 [MEDIUM] CWE-862 CVE-2023-36002: A missing authorization check in multiple URL validation endpoints of the Insider Threat Management
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.
nvd