XML External Entity Injection Vulnerability in Proofpoint Insider Threat Management Server
CVE-2021-22158

7.2HIGH

Key Information:

Vendor: Proofpoint
Status: Insider Threat Management
Vendor: CVE Published:; 6 April 2021

What is CVE-2021-22158?

The Proofpoint Insider Threat Management Server, previously known as ObserveIT Server, is susceptible to an XML external entity (XXE) injection vulnerability within its Web Console. This vulnerability necessitates that an attacker possess admin user privileges and be aware of the encryption key for the XML file to execute a successful exploitation. All versions released before 7.11 are impacted, allowing potential unauthorized access and manipulation of sensitive data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.proofpoint.com/us/security/security-advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2021
Vulnerability Reserved
Jan 4, 2021

JSON

Proofpoint

What is CVE-2021-22158?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.