Vulnerability Description
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proofpoint | Insider Threat Management Server | < 7.14.3 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005Not Applicable
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004Vendor Advisory
- https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005Not Applicable
FAQ
What is CVE-2023-36000?
CVE-2023-36000 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Su...
How severe is CVE-2023-36000?
CVE-2023-36000 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-36000?
Check the references section above for vendor advisories and patch information. Affected products include: Proofpoint Insider Threat Management Server, Apple Macos.