CVE-2023-36000

A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

Published: Jun 27, 2023
Updated: Jul 7, 2023
CVE: CVE-2023-36000
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
proofpoint / insider_threat_management_server	-	7.14.3

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005

Vulnerability Database

289,871

CVE-2023-36000