GCVE - cpe:2.3:a:proofpoint:insider_threat

Approved changes feed: RSS · Atom

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Proofpoint (`a6e799ec-33c1-574b-ba22-45b33dd0559d`)
Product	Insider Threat Management (`b94ea2cb-e817-5078-89e2-dd7b3f4c2fa0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-4828`	vulnerable	2026-06-08 06:16:14.677970	ITM Server Communications Hijack MEDIUM (6.4) An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected. Published: 2023-09-13T15:16:13.903Z Updated: 2024-09-24T19:52:35.463Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-008	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4803`	vulnerable	2026-06-08 06:16:14.582275	ITM Server Cross-site Scripting in WriteWindowTitle Endpoint MEDIUM (4.8) A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. Published: 2023-09-13T15:15:40.928Z Updated: 2024-09-24T19:53:11.481Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4802`	vulnerable	2026-06-08 06:16:14.581804	ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint MEDIUM (4.8) A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. Published: 2023-09-13T15:15:06.042Z Updated: 2024-09-24T19:54:46.722Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-4801`	vulnerable	2026-06-08 06:16:14.579701	ITM MacOS Agent Improper Certificate Validation HIGH (7.5) An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. Published: 2023-09-13T15:14:36.165Z Updated: 2024-09-25T17:38:58.900Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36002`	vulnerable	2026-06-08 06:06:28.287506	ITM Server Missing Authorization for URL validation MEDIUM (4.3) A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. Published: 2023-06-27T14:32:26.673Z Updated: 2024-11-06T21:22:15.079Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-36000`	vulnerable	2026-06-08 06:06:28.286846	ITM Server Missing Authorization for Agent Config MEDIUM (6.5) A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. Published: 2023-06-27T14:32:01.270Z Updated: 2024-11-06T21:32:04.265Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-35998`	vulnerable	2026-06-08 06:06:28.285064	ITM Server Missing Authorization in SOAP Endpoints MEDIUM (4.6) A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. Published: 2023-06-27T14:30:53.460Z Updated: 2024-11-06T21:32:50.230Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-2818`	vulnerable	2026-06-08 06:02:43.134839	ITM Windows Agent Insecure Filesystem Permissions MEDIUM (5.5) An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. Published: 2023-06-27T14:29:49.258Z Updated: 2024-11-07T17:06:01.258Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27900`	vulnerable	2026-06-08 05:31:22.697023	Details available The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected. Published: 2021-04-06T21:00:55.000Z Updated: 2024-08-03T21:33:16.793Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0005	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22158`	vulnerable	2026-06-08 05:29:59.962401	Details available The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected. Published: 2021-04-06T20:52:10.000Z Updated: 2024-08-03T18:37:17.467Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22157`	vulnerable	2026-06-08 05:29:59.961994	Details available Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. Published: 2021-04-06T20:38:36.000Z Updated: 2024-08-03T18:37:18.238Z Open on db.gcve.eu Reference links https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0002	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Insider Threat Management

PURL mappings

Vulnerability references

Contribute