CVE-2023-4801

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

CVE-2023-4828

The CVE-2023-4828 issue affects Proofpoint Insider Threat Management (ITM) Server versions prior to 7.14.3.69. The root cause is an improper check for an exceptional condition, enabling an attacker with valid agent credentials and hostname to reconfigure any registered agent so that future commun...

CVE-2023-4828 ITM Server Communications Hijack

An improper check for an exceptional condition in the Insider Threat Management ITM Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure...

CVE-2023-4803

CVE-2023-4803 is a reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of Proofpoint ITM Server’s web console. An authenticated administrator can inject and execute arbitrary JavaScript in another web console administrator’s browser. Affected are all ITM Server versions ...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4803 ITM Server Cross-site Scripting in WriteWindowTitle Endpoint

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69...

CVE-2023-4802

The CVE-2023-4802 issue affects Proofpoint ITM Server (UpdateInstalledSoftware endpoint) prior to version 7.14.3.69. The vulnerability is a reflected cross-site scripting (XSS) that allows an authenticated administrator to execute arbitrary JavaScript in another web console administrator’s browse...

CVE-2023-4802 ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...

CVE-2023-4802 ITM Server Cross-site Scripting in UpdateInstalledSoftware Endpoint

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management ITM Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to...

CVE-2023-4801 ITM MacOS Agent Improper Certificate Validation

An improper certification validation vulnerability in the Insider Threat Management ITM Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to...

PT-2023-30667 · Unknown · Itm Server

Name of the Vulnerable Software and Affected Versions: Insider Threat Management ITM Server versions prior to 7.14.3.69 Description: A reflected cross-site scripting issue in the "UpdateInstalledSoftware" endpoint of the ITM Server's web console could allow an authenticated administrator to run...

PT-2023-30755 · Unknown · Itm Server

Name of the Vulnerable Software and Affected Versions: Insider Threat Management ITM Server versions prior to 7.14.3.69 Description: An improper check for an exceptional condition in the ITM Server could be used by an attacker to change the server's configuration of any already-registered agent s...

CVE-2023-36002 ITM Server Missing Authorization for URL validation

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected...

CVE-2023-36000 ITM Server Missing Authorization for Agent Config

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

CVE-2023-36000 ITM Server Missing Authorization for Agent Config

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. Al...

CVE-2023-35998 ITM Server Missing Authorization in SOAP Endpoints

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before...

CVE-2021-27899

The Proofpoint Insider Threat Management Agents formerly ObserveIT Agent for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...

Input validation

The Proofpoint Insider Threat Management Agents formerly ObserveIT Agent for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are...

CVE-2020-10657

The Proofpoint Insider Threat Management Server formerly ObserveIT Server before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker with admin or config-admin privileges in the console to execute arbitrary code with local...