SB2023062804 - Multiple vulnerabilities in Proofpoint Insider Threat Management Server

Security Bulletin ID SB2023062804

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Missing Authorization (CVE-ID: CVE-2023-35998)

The vulnerability allows a remote user to bypass authorization.

The vulnerability exists due to missing authorization in multiple SOAP endpoints. A remote user with a valid agent authentication token can read and write unauthorized objects.

2) Missing Authorization (CVE-ID: CVE-2023-36000)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization check in the MacOS agent configuration endpoint. A remote non-authenticated attacker on the local network can obtain sensitive information.

3) Missing Authorization (CVE-ID: CVE-2023-36002)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization check in multiple URL validation endpoints. A remote non-authenticated attacker on the local network can smuggle content via DNS lookups.

Remediation

Install update from vendor's website.

References

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004