Skip to main content

Insider Threat Management Server

6 CVEs product

Monthly

CVE-2025-8558 LOW Monitor

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 4.0
2.3
EPSS
0.1%
CVE-2023-36002 MEDIUM This Month

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-36000 MEDIUM This Month

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-35998 MEDIUM This Month

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-40843 HIGH This Week

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Deserialization RCE Insider Threat Management Server
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-40842 CRITICAL Act Now

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Insider Threat Management Server
NVD
CVSS 3.1
9.8
EPSS
1.0%
EPSS 0% CVSS 2.3
LOW Monitor

Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Deserialization RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Insider Threat Management Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy