Описание
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
Уязвимые конфигурации
Конфигурация 1Версия от 7.9.0 (включая) до 7.9.3 (исключая)Версия от 7.10.0 (включая) до 7.10.3 (исключая)Версия от 7.11.0 (включая) до 7.11.1 (исключая)
Одно из
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
EPSS
Процентиль: 47%
0.00245
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
EPSS
Процентиль: 47%
0.00245
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862