Vulnerability Description
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.11.2 |
Related Weaknesses (CWE)
References
- https://www.proofpoint.com/us/security/security-advisoriesVendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008Vendor Advisory
- https://www.proofpoint.com/us/security/security-advisoriesVendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008Vendor Advisory
FAQ
What is CVE-2021-40842?
CVE-2021-40842 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required...
How severe is CVE-2021-40842?
CVE-2021-40842 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-40842?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server.