Описание
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
Уязвимые конфигурации
Конфигурация 1Версия от 7.9.0 (включая) до 7.9.3 (исключая)Версия от 7.10.0 (включая) до 7.10.3 (исключая)Версия от 7.11.0 (включая) до 7.11.1 (исключая)
Одно из
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00207
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
github
больше 3 лет назад
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
EPSS
Процентиль: 43%
0.00207
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611