CVE-2021-40843
Last modified
CVE-2021-40843 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.11.2 |
References
- https://www.proofpoint.com/us/security/security-advisoriesVendor Advisory
- https://www.proofpoint.com/us/security/security-advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-40843?
How severe is CVE-2021-40843?
How do I fix CVE-2021-40843?
Are you affected by CVE-2021-40843?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST