Vulnerability Description
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.9.1 |
Related Weaknesses (CWE)
References
- https://www.proofpoint.com/us/blogProduct
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003Vendor Advisory
- https://www.proofpoint.com/us/blogProduct
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003Vendor Advisory
FAQ
What is CVE-2020-10656?
CVE-2020-10656 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability al...
How severe is CVE-2020-10656?
CVE-2020-10656 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-10656?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server.