Proofpoint Insider Threat Management Server — known CVE vulnerabilities
Every CVE whose affected-product data names Proofpoint Insider Threat Management Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2021-40842 — CVSS 9.8 (critical): Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to…
CVE-2020-10656 — CVSS 9.8 (critical): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application…
CVE-2020-10655 — CVSS 9.8 (critical): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application…
CVE-2020-10658 — CVSS 9.8 (critical): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application…
CVE-2021-40843 — CVSS 7.3 (high): Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write…
CVE-2020-10657 — CVSS 7.2 (high): The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's…
CVE-2023-36000 — CVSS 6.5 (medium): A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous…
CVE-2025-8558 — CVSS 5.4 (medium): Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated…
CVE-2023-35998 — CVSS 4.6 (medium): A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network…
CVE-2023-36002 — CVSS 4.3 (medium): A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on…