Stored XSS Vulnerability in Proofpoint Insider Threat Management Server
CVE-2021-22157

6.1MEDIUM

Key Information:

Vendor: Proofpoint
Status: Insider Threat Management
Vendor: CVE Published:; 6 April 2021

What is CVE-2021-22157?

The Proofpoint Insider Threat Management Server, previously known as ObserveIT Server, is susceptible to stored Cross-Site Scripting (XSS) vulnerabilities in versions prior to 7.11.1. This flaw enables an attacker to inject malicious scripts that can execute within a user's browser session, potentially compromising sensitive data and user interactions. It is crucial for organizations using the affected versions to implement necessary security patches to protect their systems from potential exploitation.

References

https://www.proofpoint.com/us/security/security-advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2021
Vulnerability Reserved
Jan 4, 2021