Insider Threat Management Server
CVE-2021-40842
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
AnalysisAI
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected. Affected products include: Proofpoint Insider Threat Management Server. Version information: Version 7.12.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. Rated h
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on
A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an an
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allo
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today