The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
References
| Link | Resource |
|---|---|
| https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-06T20:52:10
Updated: 2021-04-06T20:52:10
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22158
NVD Information
Status: Analyzed
Published: 2021-04-06T21:15:14.397
Modified: 2021-04-12T19:21:49.963
Link: CVE-2021-22158
Red Hat Information
No data.
CWE