EUVD-2023-54645

Malicious code in bioql PyPI...

CVE-2023-4801

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

Cross site scripting

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...

CVE-2023-4828 ITM Server Communications Hijack

An improper check for an exceptional condition in the Insider Threat Management ITM Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4802 ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...

CVE-2023-4801 ITM MacOS Agent Improper Certificate Validation

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

Proofpoint Insider Threat Management Cross-Site Scripting Vulnerability

Proofpoint Insider Threat Management Proofpoint ITM is an insider threat management system from Proofpoint Inc. in the United States. A cross-site scripting vulnerability exists in Insider Threat Management versions prior to 7.14.3.69, which stems from the presence of a Reflected Cross-Site...

PT-2023-30675 · Unknown · Itm Server

Name of the Vulnerable Software and Affected Versions: Insider Threat Management ITM Server versions prior to 7.14.3.69 Description: A reflected cross-site scripting issue in the "WriteWindowTitle" endpoint of the ITM Server's web console could allow an authenticated administrator to execute...