Vulnerability Description
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote attacker (with admin or config-admin privileges in the console) to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.9.1 |
Related Weaknesses (CWE)
References
- https://www.proofpoint.com/us/blogProduct
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003Vendor Advisory
- https://www.proofpoint.com/us/blogProduct
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003Vendor Advisory
FAQ
What is CVE-2020-10657?
CVE-2020-10657 is a vulnerability with a CVSS score of 7.2 (HIGH). The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM web console's ImportAlertRules feature. The vulnerability allows a remote a...
How severe is CVE-2020-10657?
CVE-2020-10657 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10657?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server.