CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Vendor | Product | Version | CPE |
---|---|---|---|
proofpoint | insider_threat_management_server | * | cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"modules": [
"Server"
],
"product": "Insider Threat Management",
"vendor": "Proofpoint",
"versions": [
{
"lessThan": "7.14.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]