Lucene search

K
nvd[email protected]NVD:CVE-2023-35998
HistoryJun 27, 2023 - 3:15 p.m.

CVE-2023-35998

2023-06-2715:15:10
CWE-862
web.nvd.nist.gov
5
authorization check
soap endpoints
insider threat management server
adjacent network
unauthorized objects
agent authentication token
vulnerability
cve-2023-35998

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0

Percentile

9.0%

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Affected configurations

Nvd
Node
proofpointinsider_threat_management_serverRange<7.14.3
VendorProductVersionCPE
proofpointinsider_threat_management_server*cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0

Percentile

9.0%

Related for NVD:CVE-2023-35998