Proofpoint Insider Threat Management — known CVE vulnerabilities
Every CVE whose affected-product data names Proofpoint Insider Threat Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-8884 — CVSS 8.8 (high): rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated…
CVE-2021-27900 — CVSS 8.1 (high): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web…
CVE-2022-25294 — CVSS 7.8 (high): Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local…
CVE-2021-22159 — CVSS 7.8 (high): Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly…
CVE-2023-4801 — CVSS 7.5 (high): An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous…
CVE-2021-27899 — CVSS 7.4 (high): The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM…
CVE-2021-22158 — CVSS 7.2 (high): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web…
CVE-2023-4828 — CVSS 6.4 (medium): An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the…
CVE-2021-22157 — CVSS 6.1 (medium): Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS.
CVE-2023-2818 — CVSS 5.5 (medium): An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent…
CVE-2023-4802 — CVSS 4.8 (medium): A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web…
CVE-2023-4803 — CVSS 4.8 (medium): A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console…