Vulnerability Description
A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.14.3 |
Related Weaknesses (CWE)
References
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005Not Applicable
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004Vendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005Not Applicable
FAQ
What is CVE-2023-35998?
CVE-2023-35998 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitat...
How severe is CVE-2023-35998?
CVE-2023-35998 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-35998?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server.