A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
References
Link | Resource |
---|---|
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004 | Vendor Advisory |
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005 | Not Applicable |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Proofpoint
Published: 2023-06-27T14:30:53.460Z
Updated: 2023-06-27T14:30:53.460Z
Reserved: 2023-06-20T20:19:49.398Z
Link: CVE-2023-35998
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-27T15:15:10.720
Modified: 2023-07-06T15:38:28.803
Link: CVE-2023-35998
JSON object: View
Redhat Information
No data.
CWE