CVE-2021-40842
Last modified
CVE-2021-40842 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. EPSS estimates a 0.96% chance of exploitation in the next 30 days.
Description
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.11.2 |
| Proofpoint | Insider Threat Management Server | 7.12.0 |
References
- https://www.proofpoint.com/us/security/security-advisories (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-40842?
How severe is CVE-2021-40842?
How do I fix CVE-2021-40842?
Are you affected by CVE-2021-40842?
Source: NVD / NIST
