#VU77745 Missing Authorization in Insider Threat Management On-Premises - CVE-2023-35998


Vulnerability identifier: #VU77745

Vulnerability risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-35998

CWE-ID: CWE-862

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Insider Threat Management On-Premises
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Proofpoint

Description

The vulnerability allows a remote user to bypass authorization.

The vulnerability exists due to missing authorization in multiple SOAP endpoints. A remote user with a valid agent authentication token can read and write objects they are not authorized to access.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Insider Threat Management On-Premises: 7.12.0 - 7.14.2


External links
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

