The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML external entity (XXE) injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are affected.
References
| Link | Resource |
|---|---|
| https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0003 | Vendor Advisory |
History
No history.
Information
Published : 2021-04-06 21:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-22158
Mitre link : CVE-2021-22158
CVE.ORG link : CVE-2021-22158
Products Affected
proofpoint
- insider_threat_management
CWE
CWE-611
Improper Restriction of XML External Entity Reference