Authorization Flaw in Proofpoint Insider Threat Management Server
CVE-2021-27900

8.1 HIGH

Key Information:

Vendor: Proofpoint
CVE Published: 6 April 2021

Summary

The Proofpoint Insider Threat Management Server has a significant authorization bypass vulnerability that permits view-only users to alter configuration settings and to remove registered agents through the Web Console. The flaw affects all versions prior to 7.11.1 and could lead to unauthorized configuration changes and potential disruptions in security operations.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
