CVE-2021-22158

2021-04-0620:52:10

mitre

www.cve.org

proofpoint insider threat management server

xml external entity (xxe) injection

web console

admin user privileges

encryption key

version 7.11

EPSS

0.001

Percentile

42.8%

JSON

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file’s encryption key to successfully exploit. All versions before 7.11 are affected.

References

www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-22158