Proofpoint Insider Threat Management Server 7.11.2

CPE Details

Proofpoint Insider Threat Management Server 7.11.2
proofpoint
insider_threat_management_server
7.11.2
2021-10-15
09h58 +00:00
2021-10-15
11h11 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:proofpoint:insider_threat_management_server:7.11.2:*:*:*:*:*:*:*

Informations

Vendor

proofpoint

Product

insider_threat_management_server

Version

7.11.2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2025-8558 2025-11-03 18h16 +00:00 Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.
5.4
Moyen
CVE-2023-36002 2023-06-27 14h32 +00:00 A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.
4.3
Moyen
CVE-2023-36000 2023-06-27 14h32 +00:00 A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
6.5
Moyen
CVE-2023-35998 2023-06-27 14h30 +00:00 A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
4.6
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.