Unsafe Deserialization Vulnerability in Proofpoint Insider Threat Management Server
CVE-2021-40843

7.3HIGH

Key Information:

Vendor: Proofpoint
Status: Insider Threat Management Server
Vendor: CVE Published:; 13 October 2021

Summary

Proofpoint Insider Threat Management Server is vulnerable to an unsafe deserialization flaw within its Web Console. This security weakness allows an attacker with write access to the local database to execute arbitrary code with SYSTEM privileges on the server whenever a Web Console user attempts to retrieve that data. Furthermore, when this vulnerability is combined with a SQL injection weakness, it presents an opportunity for remote exploitation, particularly if users interact with a series of maliciously crafted URLs.

References

https://www.proofpoint.com/us/security/security-advisories

x_refsource_MISC

https://www.proofpoint.com/us/security/security-advisorie...

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2021
Vulnerability Reserved
Sep 10, 2021